UTM-9 firewall rule implicit?

I am a beginner with Sophos.

I saw in my company's Sophos that there are some rules that are allow and some of them that are deny.

This makes me confused: will traffic that does not fit the allow condition be denied, or will traffic that does not fit the deny condition be allowed???

  • There is an implicit deny, so if no allow rule matches, the traffic WILL be denied.  Despite this, I've heard of various reasons why you might want a deny rule, for example, auditors might want to see it there, or maybe you want to log denied traffic to/from networks on a specific firewall rule ID rather than to the typical 60001 & 60002 rules commonly seen in the packet filter log. 

    Tim 

  • You also should study #2 in Rulz.

    Cheers - Bob

  • In reply to TimHansen:

    Thanks for your help.

    I am confused. Let's say I have a few networks (192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24) connected to UTM-9. Once they are connected properly with interface IPs, they all should be routable between each other.

    If I added a rule 192.168.1.0/24 -> allow http -> 192.168.2.0/24,

    then that means 192.168.1.0 can HTTP to 192.168.2.0 only, but not the inverse,

    and no other protocol can go from 192.168.1.0/24 -> 192.168.2.0/24.

    How about 192.168.3.0/24 -> 192.168.2.0/24??

    192.168.3.0/24 -> 192.168.1.0/24?

  • In reply to Ming Cheung:

    Or... am I misunderstanding?

    If there is no match in the rules... all other routing will be denied...

  • In reply to Ming Cheung:

    Correct.  If no allow rule matches, the traffic is denied.  If you're using Web Protection though, HTTP and HTTPS access to/from networks would be controlled through web filtering, not through firewall rules.

    Tim
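To make the first-match plus implicit-deny behaviour discussed above concrete, here is an added example (not code from the thread, Sophos, or the UTM product) that models a packet filter as an ordered rule list with a catch-all deny at the end. It evaluates the four flows Ming asked about and shows why an explicit deny rule, as Tim describes, gives a denied flow its own rule ID in the log instead of the implicit one. The rule numbers, the `Flow`/`Rule` types, the log-line format and rule ID 0 for the implicit deny are all assumptions constructed for this example; it models new connections only and ignores stateful return traffic and Web Protection.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, NamedTuple, Optional, Tuple


class Flow(NamedTuple):
    """A new connection attempt as seen by the packet filter (constructed type)."""
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    """One packet-filter rule (constructed type, not the UTM data model)."""
    rule_id: int
    src: str                # source network in CIDR notation
    dst: str                # destination network in CIDR notation
    proto: str              # "tcp", "udp" or "any"
    dport: Optional[int]    # None means any destination port
    action: str             # "allow" or "deny"

    def matches(self, flow: Flow) -> bool:
        return (
            ip_address(flow.src) in ip_network(self.src)
            and ip_address(flow.dst) in ip_network(self.dst)
            and self.proto in ("any", flow.proto)
            and self.dport in (None, flow.dport)
        )


# What the firewall applies when nothing in the configured list matches.
# rule_id 0 is a placeholder for "implicit deny", not a real UTM rule number.
IMPLICIT_DENY = Rule(0, "0.0.0.0/0", "0.0.0.0/0", "any", None, "deny")

# Constructed rule set: the single allow rule from the question, plus one
# explicit deny so that drops from 192.168.4.0/24 log under their own ID.
RULES: List[Rule] = [
    Rule(1, "192.168.1.0/24", "192.168.2.0/24", "tcp", 80, "allow"),
    Rule(2, "192.168.4.0/24", "0.0.0.0/0", "any", None, "deny"),
]


def evaluate(rules: List[Rule], flow: Flow) -> Tuple[str, int]:
    """First matching rule wins; with no match the implicit deny applies."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action, rule.rule_id
    return IMPLICIT_DENY.action, IMPLICIT_DENY.rule_id


def log_line(flow: Flow, rules: List[Rule] = RULES) -> str:
    """Constructed log format showing which rule produced the decision."""
    action, rule_id = evaluate(rules, flow)
    origin = "explicit" if rule_id else "implicit"
    return (f'action="{action}" fwrule="{rule_id}" ({origin}) '
            f"src={flow.src} dst={flow.dst} proto={flow.proto} dport={flow.dport}")


if __name__ == "__main__":
    # The flows from the question: only the first one hits an allow rule.
    for flow in [
        Flow("192.168.1.10", "192.168.2.10", "tcp", 80),   # allowed by rule 1
        Flow("192.168.2.10", "192.168.1.10", "tcp", 80),   # inverse: implicit deny
        Flow("192.168.1.10", "192.168.2.10", "tcp", 443),  # other protocol: implicit deny
        Flow("192.168.3.10", "192.168.2.10", "tcp", 80),   # other network: implicit deny
        Flow("192.168.4.10", "192.168.2.10", "tcp", 80),   # explicit deny, rule 2
    ]:
        print(log_line(flow))
```

Run it and the only `allow` line is 192.168.1.0/24 to 192.168.2.0/24 on TCP/80; every other flow is denied, but only the one from 192.168.4.0/24 is attributed to a configured rule ID, which is the auditing and logging benefit of an explicit deny that Tim mentions.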

  • In reply to Ming Cheung:

    And, you also should study #2 in Rulz.

    Cheers - Bob