
Interface-based firewall rule for OSPF

Looking for a way to allow all traffic on an entire interface. We have an MPLS network with roughly 100 networks advertised, so I would like to create an allow rule for the whole interface so I don't have to keep creating network definitions for each one on all firewalls as we grow or change. We currently use old Cisco switches to do this, but I want to see more info on the traffic passing through the MPLS, so I'm looking to move the MPLS connection out to the firewalls. So the simple end result is to allow all traffic on 'eth4' but still monitor for malicious traffic.



This thread was automatically locked due to age.
  • There is no such rule available in WebAdmin, Jim.  There are some solutions, but knowing which direction to send you would require knowing more about your overall setup in detail.  Does your Sophos partner not have an ability to give you guidance here?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • We are the partner but new to the platform. I should probably just call support but I like having this available for others who may have the same issue.

     

    We have an MPLS on E4 that uses OSPF to distribute routes to and from all other sites. The routing portion is working great, but having to add all company networks to every firewall to create an allow-all firewall rule is very time-consuming and defeats the purpose of OSPF. I would like to create a rule for the interface itself or set the interface to a LAN zone like in the new XG series.

  • I know this can be done with iptables commands, Jim, but I'm not sure where the INPUT and OUTPUT ACCEPT commands would go or whether that change would have to be a cron job after each reboot.  If Sophos Support gives you a trick for this, please ask them if you can share the solution with us here.

    Have you considered managing this client's UTMs with SUM?

    Cheers - Bob

     