
Basic Guidance on Firewall Rules, Terminology and Symbols for a Beginner

I am trying to get used to the UTM using the web interface and have no simple guide to the terminology and symbols.  For example, on setting up a firewall rule, when an arrow points to "any" with a globe icon, does this mean any interface on the WAN or does it include all interfaces including internal interfaces?

On an arrow there is sometimes a symbol which suggests a comment or something similar but not on all arrows.  This is true for red or green arrows.  What does this symbol mean?

Sorry to be so dumb but I would appreciate a basic manual reference which I can read on paper not on a screen.  Where may I find this in pdf form please?



  • Hello,
    don't know which arrows you mean...
    But:
    IP:ANY  means really ANY-IP - internal and external - and DMZ - and VPN - ...
    IP "Internet" means any IP behind an interface with default-gateway (WAN)
    Arrows:
    - green arrow stands for allowed
    - red stands for drop
    - yellow stands for reject (send a session reset to the source)
    If you need more/other information .. please use screenshots with comments to clarify your question



    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Hello Budgie2,

    Thank you for contacting the Sophos Community.

    For some basic information on icons you can click the Help Button on your UTM and then go to Web Admin >> Buttons and Icons.

    As per the ANY here is the definition

    As per the arrow color, it would mean one of these things:

    • Green = Allow: The connection is allowed and traffic is forwarded.
    • Red = Drop: Packets matching a rule with this action will be silently dropped.
    • Yellow = Reject: Connection requests matching rules with this action will be actively rejected.

    If you want a guide with more definitions you can check this URL or use the Help Button in the UTM.

    https://docs.sophos.com/nsg/sophos-utm/utm/9.6/pdf/en-us/administration-guide-9.600.pdf

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    If a post solves your question use the 'Verify Answer' link.
  • Hi and many thanks for the reply.  I have noted the Help Button guides but they do not explain my query.  Here is a screenshot of the arrows in question and you can see some arrows have what might be a clipboard on them, others have none.  My question is what does the symbol mean, what action put it there and where is the detail.  I still do not have any pdf of a manual.  Does that mean it does not exist?

  • As explained already ... the red arrow symbolizes the "packet-drop"

    The clipboard marks the "log event" option.

    These packets are listed within the firewall logfile and fw-live-log.

    Rules without are not visible within live-log.


    Dirk


  • Hi and very many thanks.  It was the logging clipboard and many thanks for the explanation.

    Many thanks to all the others who replied.  Much to learn for me here.