Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 0 subscribers
  • Views 20175 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Outbound TCP Rule

LookOut

I am using Sophos Enterprise Console version 5.2.1.197 on a Windows based server.

I am having problems getting the outbound TCP rule to work without generating firewall events.

A sample firewall event would be:

Event type:  No global rule

Direction:  Outbound

Protocol:  TCP

Remote Port:  80

Remote Address:  54.177.147.99

I have set up a global rule called Outbound TCP Rule which is a high priority rule.  The settings for this rule are:

Protocol:  Stateful TCP

Direction:  Outbound

Remote Address:  *.*.*.*

Local address:  Local network

Remote Port:  HTTP, HTTPS

Allow

Can someone please explain why firewall events are still being generated with this rule in place?  I have tried to make the allowed connection as broad as possible in an attempt to see where the problem may be coming from, but so far no luck.

To the best of my knowledge, there are no other conflicting rules.

I apologize in advance for being generally competent with Sophos, but I am certainly no expert in this area.

Any assistance would be greatly appreciated.

Thank you!

:55255


This thread was automatically locked due to age.
Parents
  • 0

    Hello Terry,

    running on Windows SBS 2011

    this isn't the endpoint, is it? SCF is not available for server grade OSs.

    Thinking about it - No global rule is an odd result. Do you use application checksums? Which activity triggers these events? owned by Amazon.com - the address you've posted resolves to an amazonaws.com name, part of Amazon's cloud services, nothing unusual, used by many vendors including Sophos.

    Christian

    :55364
Reply
  • 0

    Hello Terry,

    running on Windows SBS 2011

    this isn't the endpoint, is it? SCF is not available for server grade OSs.

    Thinking about it - No global rule is an odd result. Do you use application checksums? Which activity triggers these events? owned by Amazon.com - the address you've posted resolves to an amazonaws.com name, part of Amazon's cloud services, nothing unusual, used by many vendors including Sophos.

    Christian

    :55364
Children
No Data
Unfiltered HTML