This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Endpoint Firewall + non-IP protocols

Hi,

How does Sophos Endpoint Firewall work with non-IP protocols? Probably it doesn't even recognize them but passes them through?

With our current client firewall program we can for example create a rule 'Allow Non-IP Protocol 0x1234' and it is needed every now and then in our company.

Nothing like this can be found from the Sophos Endpoint Firewall policy, and I was not able to find anything via Googling. So, what's the case?

- Olli Rajala

This thread was automatically locked due to age.

Parents

0 QC over 7 years ago

Hello Olli Rajala,

AFAIK SCF considers only the IP-suite (and from it not all protocols as can been seen in the Global Rules configuration). Guess it ignores non-IP packets.
Just curious: Which protocol(s) are you interested in?

Christian
Cancel
Vote Up 0 Vote Down

Cancel
0 Olli Rajala over 7 years ago in reply to QC

Hi,

Yep, that's what I thought based on the information I have.

From other contact I got information that search term 'raw sockets' might help, but it hadn't helped yet. Basically this is the best info I found: https://community.sophos.com/kb/en-us/16608#proc So, SCF can warn if some local process is using those.

But, in our case the question is what happens to those packages, and especially when coming toward to the client computer. If they are passed, it's fine in this use case. If you are developing protocols, it's important to get the packages through. :)

-Olli
Cancel
Vote Up 0 Vote Down

Cancel
0 QC over 7 years ago in reply to Olli Rajala

Hello Olli,

If you are developing protocols
you've said non-IP so I wonder what these are (the details are probably a trade secret). Anyway I don't think that SCF drops packets that don't belong to the IP family or an unsupported IP protocol (you can define Global Rules for on certain specific IP protocols). Furthermore SCF 3.x (from Windows 8 on) treats rawsockets the same as normal sockets.

Christian
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 QC over 7 years ago in reply to Olli Rajala

Hello Olli,

If you are developing protocols
you've said non-IP so I wonder what these are (the details are probably a trade secret). Anyway I don't think that SCF drops packets that don't belong to the IP family or an unsupported IP protocol (you can define Global Rules for on certain specific IP protocols). Furthermore SCF 3.x (from Windows 8 on) treats rawsockets the same as normal sockets.

Christian
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data