Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 3 subscribers
  • Views 6768 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Endpoint Firewall + non-IP protocols

Olli Rajala

Hi,

How does Sophos Endpoint Firewall work with non-IP protocols? Probably it doesn't even recognize them but passes them through?

With our current client firewall program we can for example create a rule 'Allow Non-IP Protocol 0x1234' and it is needed every now and then in our company.

Nothing like this can be found from the Sophos Endpoint Firewall policy, and I was not able to find anything via Googling. So, what's the case?

 

- Olli Rajala



This thread was automatically locked due to age.
Parents
  • 0

    Hello Olli Rajala,

    AFAIK SCF considers only the IP-suite (and from it not all protocols as can been seen in the Global Rules configuration). Guess it ignores non-IP packets.
    Just curious: Which protocol(s) are you interested in?

    Christian

  • 0 in reply to QC

    Hi,

    Yep, that's what I thought based on the information I have.

    From other contact I got information that search term 'raw sockets' might help, but it hadn't helped yet. Basically this is the best info I found: https://community.sophos.com/kb/en-us/16608#proc So, SCF can warn if some local process is using those.

    But, in our case the question is what happens to those packages, and especially when coming toward to the client computer. If they are passed, it's fine in this use case. If you are developing protocols, it's important to get the packages through. :)

    -Olli

Reply
  • 0 in reply to QC

    Hi,

    Yep, that's what I thought based on the information I have.

    From other contact I got information that search term 'raw sockets' might help, but it hadn't helped yet. Basically this is the best info I found: https://community.sophos.com/kb/en-us/16608#proc So, SCF can warn if some local process is using those.

    But, in our case the question is what happens to those packages, and especially when coming toward to the client computer. If they are passed, it's fine in this use case. If you are developing protocols, it's important to get the packages through. :)

    -Olli

Children
Unfiltered HTML