Firewall configuration and precedence

Question

Hi, 
 Could someone explain me how to achieve this: 
 Allow all outbound connection to Microsoft servers but deny inbound connection to SMB, RPC, and all other vulnerable services. 
 ATM I tried to: 
 - Uncheck NetBIOS and trusted for all local LAN (LAN tab), Allow all TCP and UDP outbound connection ("Global Rules" tab) 
 Result: Cannot map server drive 
 - Check NetBios (Uncheck Trusted) for all local LAN (LAN tab), Block all inbound connection (with high priority checked) on concerned ports (TCP/445, UDP/445, TCP/139, TCP/135, etc..) ("Global Rules" tab) 
 Result: Can map server drive but other computers can also map the computer drive 
 Nmap result: Scanning computer (x.x.x.x) [1000 ports] Discovered open port 445/tcp on x.x.x.x Discovered open port 3389/tcp on x.x.x.x Discovered open port 139/tcp on x.x.x.x Discovered open port 8193/tcp on x.x.x.x Discovered open port 8194/tcp on x.x.x.x Discovered open port 8192/tcp on x.x.x.x 
 NB. Applications tab have only outbound rules or generic one Process tab is empty 
 I don't get it... what's the problem? 
 Thanks, 
 Hugues

QC · Accepted Answer

Hello Hugues, 
 the SEC Help contains a section on the order in which rules are applied - LAN takes precedence over Global Rules. 
 Christian

Hugues D · Answer

Hi again, 
 Ok only way to go is then to remove all defined LAN and uncheck "Block file and printer sharing for other networks". This way we rely only global rules. 
 According to how Sophos work, the cleanest solution would then have been to have a NetBIOS IN and OUT selection. 
 Thanks, 
 Hugues