Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 0 subscribers
  • Views 20176 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Outbound TCP Rule

LookOut

I am using Sophos Enterprise Console version 5.2.1.197 on a Windows based server.

I am having problems getting the outbound TCP rule to work without generating firewall events.

A sample firewall event would be:

Event type:  No global rule

Direction:  Outbound

Protocol:  TCP

Remote Port:  80

Remote Address:  54.177.147.99

I have set up a global rule called Outbound TCP Rule which is a high priority rule.  The settings for this rule are:

Protocol:  Stateful TCP

Direction:  Outbound

Remote Address:  *.*.*.*

Local address:  Local network

Remote Port:  HTTP, HTTPS

Allow

Can someone please explain why firewall events are still being generated with this rule in place?  I have tried to make the allowed connection as broad as possible in an attempt to see where the problem may be coming from, but so far no luck.

To the best of my knowledge, there are no other conflicting rules.

I apologize in advance for being generally competent with Sophos, but I am certainly no expert in this area.

Any assistance would be greatly appreciated.

Thank you!

:55255


This thread was automatically locked due to age.
Parents
  • 0

    Christian,

    All of the information I have provided is from the Sophos Enterprise Console running on the server.

    The current configuration is not using Checksums.

    I am not sure what activity triggers these events.  I have included a screen shot of the Firewall Event Viewer.  Is there another place to look to see what application is involved with these events?

    Thank you very much for all your help.

    Terry

    Event Viewer.png

    :55390
Reply
  • 0

    Christian,

    All of the information I have provided is from the Sophos Enterprise Console running on the server.

    The current configuration is not using Checksums.

    I am not sure what activity triggers these events.  I have included a screen shot of the Firewall Event Viewer.  Is there another place to look to see what application is involved with these events?

    Thank you very much for all your help.

    Terry

    Event Viewer.png

    :55390
Children
No Data
Unfiltered HTML