I am a beginner with Sophos.
I saw that on my company's Sophos some rules are allow and some of them are deny.
This confuses me: will traffic that does not fit an allow condition be denied, or will traffic that does not fit a deny condition be allowed?
There is an implicit deny, so if no allow rule matches, the traffic WILL be denied. Despite this, I've heard of various reasons why you might want a deny rule, for example, auditors might want to see it there, or maybe you want to log denied traffic to/from networks on a specific firewall rule ID rather than to the typical 60001 & 60002 rules commonly seen in the packet filter log.
You also should study #2 in Rulz.
Cheers - Bob
In reply to TimHansen:
Thanks for your help.
I am confused. Let's say I have a few networks (192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24) connected to UTM-9; once they are connected with interface IPs, they should all be routable between each other.
If I add a rule 192.168.1.0/24 -> allow http -> 192.168.2.0/24,
then that means 192.168.1.0 can HTTP to 192.168.2.0 only, but not the inverse,
and no other protocol can go from 192.168.1.0/24 -> 192.168.2.0/24.
How about 192.168.3.0/24 -> 192.168.2.0/24?
192.168.3.0/24 -> 192.168.1.0/24?
In reply to Ming Cheung:
If there is no match in the rules....... all other routing will be denied......
Correct. If no allow rule matches, the traffic is denied. If you're using Web Protection though, HTTP and HTTPS access to/from networks would be controlled through web filtering, not through firewall rules.
And, you also should study #2 in Rulz.
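The evaluation order discussed in this thread, as an added example that is not part of any post and is not Sophos code: a small first-match rule evaluator with an implicit deny, run against the four networks from the question. It models only new connections initiated from the source, ignores Web Protection, and uses constructed rule tables and a simplified, hypothetical `SERVICES` map; the second table adds an explicit deny so the drop is attributed to a specific rule, which is the logging use case mentioned in the first answer.

```python
from ipaddress import ip_address, ip_network

# Simplified service definitions (assumption): name -> (protocol, dst port).
SERVICES = {"http": ("tcp", 80), "ssh": ("tcp", 22)}

# Constructed rule table mirroring the thread: one allow rule, nothing else.
# Each rule: (action, source network, service or None for any, destination).
RULES = [
    ("allow", ip_network("192.168.1.0/24"), "http", ip_network("192.168.2.0/24")),
]

# Same table plus an explicit deny, so the drop carries its own rule index
# instead of falling through to the implicit deny.
RULES_WITH_EXPLICIT_DENY = RULES + [
    ("deny", ip_network("192.168.3.0/24"), None, ip_network("192.168.2.0/24")),
]


def evaluate(src, dst, proto, dport, rules=RULES):
    """Return (action, rule_index) for a NEW connection from src to dst.

    Rules are checked top-down and the first match decides. If nothing
    matches, the implicit deny applies and rule_index is None.
    """
    src, dst = ip_address(src), ip_address(dst)
    for index, (action, src_net, service, dst_net) in enumerate(rules):
        service_ok = service is None or SERVICES[service] == (proto, dport)
        if src in src_net and dst in dst_net and service_ok:
            return action, index
    return "deny", None  # implicit deny: no explicit rule required


def explain(src, dst, proto, dport, rules=RULES):
    action, index = evaluate(src, dst, proto, dport, rules)
    reason = "implicit deny" if index is None else f"rule {index}"
    return f"{src} -> {dst} {proto}/{dport}: {action} ({reason})"


if __name__ == "__main__":
    # Constructed sample flows, one per question asked in the thread.
    flows = [
        ("192.168.1.10", "192.168.2.20", "tcp", 80),  # matches the allow rule
        ("192.168.2.20", "192.168.1.10", "tcp", 80),  # inverse direction
        ("192.168.1.10", "192.168.2.20", "tcp", 22),  # other protocol
        ("192.168.3.5", "192.168.2.20", "tcp", 80),   # 3.0/24 -> 2.0/24
        ("192.168.3.5", "192.168.1.10", "tcp", 80),   # 3.0/24 -> 1.0/24
    ]
    for flow in flows:
        print(explain(*flow))
    print(explain("192.168.3.5", "192.168.2.20", "tcp", 80, RULES_WITH_EXPLICIT_DENY))
```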