Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 0 subscribers
  • Views 20173 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Outbound TCP Rule

LookOut

I am using Sophos Enterprise Console version 5.2.1.197 on a Windows based server.

I am having problems getting the outbound TCP rule to work without generating firewall events.

A sample firewall event would be:

Event type:  No global rule

Direction:  Outbound

Protocol:  TCP

Remote Port:  80

Remote Address:  54.177.147.99

I have set up a global rule called Outbound TCP Rule which is a high priority rule.  The settings for this rule are:

Protocol:  Stateful TCP

Direction:  Outbound

Remote Address:  *.*.*.*

Local address:  Local network

Remote Port:  HTTP, HTTPS

Allow

Can someone please explain why firewall events are still being generated with this rule in place?  I have tried to make the allowed connection as broad as possible in an attempt to see where the problem may be coming from, but so far no luck.

To the best of my knowledge, there are no other conflicting rules.

I apologize in advance for being generally competent with Sophos, but I am certainly no expert in this area.

Any assistance would be greatly appreciated.

Thank you!

:55255


This thread was automatically locked due to age.
Parents
  • 0

    Christian,

    Just out of curiosity, I checked the firewall events for one particular computer and compared that to the event viewer of that same computer.  For each Sophos firewall event (outbound tcp), windows created an entry in the event viewer at virtually the same time (within a few seconds of each other).

    Each event was logged as Event ID 4672 (Special Logon) and the details section showed Sophos as the related program.

    Is the "No global rule" event related to something that Sophos itself is doing?

    Almost all of the computers on our network have logged a firewall event with the "No global rule" for outbound TCP.

    I double checked to see where the endpoints were getting their updates and each computer points back to the server.

    Any thoughts??

    Thank you for sticking with me on this problem.

    Terry

    :55416
Reply
  • 0

    Christian,

    Just out of curiosity, I checked the firewall events for one particular computer and compared that to the event viewer of that same computer.  For each Sophos firewall event (outbound tcp), windows created an entry in the event viewer at virtually the same time (within a few seconds of each other).

    Each event was logged as Event ID 4672 (Special Logon) and the details section showed Sophos as the related program.

    Is the "No global rule" event related to something that Sophos itself is doing?

    Almost all of the computers on our network have logged a firewall event with the "No global rule" for outbound TCP.

    I double checked to see where the endpoints were getting their updates and each computer points back to the server.

    Any thoughts??

    Thank you for sticking with me on this problem.

    Terry

    :55416
Children
No Data
Unfiltered HTML