
UTM 9.6 Firewall not dropping incoming

I'm facing an issue with the firewall: it's not dropping the specified traffic as defined in the rules. Just for info, web protection is completely turned off.

E.g.

Traffic from google.com->ANY->internal->drop

This rule is #1 in the firewall rules, but I'm still able to access Google or see ads from Google Ads. I've defined an FQDN in a DNS group and it's fetching all IPs related to Google. I've also got rule #2 to drop trafficfactory.com using an FQDN, but still no luck. The FQDN is working well without any issue. If I block traffic from internal -> trafficfactory.com -> external it does work, but again that's outbound. The firewall logs show all traffic as internal IP -> public IP and src/dst MAC. I'm out of options here on how to drop all inbound from trafficfactory.com.

In the image below you can see that the logs only show outbound, no inbound, meaning public IP -> private IP.

The image below shows the drop rule. Let me know if something is wrong.



  • Hi Khalid and welcome to the UTM Community!

    You will want to consider #2 in Rulz (last updated 2019-04-17) when you enable Web Protection.  #2 will also underline Toni's comment.  Because of that, you would need to exchange the Source and Destination lists.

    google.com resolves to only a single IP - show us a picture of the Edit of the "google.com" object.

    The "Any" Service includes the others, so including them with "Any" is redundant.  Including the "Internal (Address)" object is redundant because you have "Internal (Network)" that includes it.

    You haven't said what you're trying to accomplish, just the solution that you thought might work.  I suspect that you will decide to use Web Protection.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Actually, I'm trying to stop certain sites from making connections. I want to block Google Ads from showing ads and also Traffic Factory from showing ads when a web page loads. Most of these connections are inbound, so without using web protection, I'm trying to find a way with the firewall to drop inbound connections from these servers.

  • They may be inbound but initiated by an outbound connection.  Use web filtering and add custom filters if needed.

  • There are so many different IPs that there's no way a Firewall solution can work.  As Jay said, your only solution is Web Filtering.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
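Jay's and Bob's point above, that the ad traffic is reply traffic of connections the internal client opened, so a rule with the ad servers as Source never sees a new connection, shown in a small stateful-filter model. This is an added example, not UTM code or anything from the thread; the addresses, the "ad server" DNS group and the toy firewall are constructed for illustration.

```python
import ipaddress
# Constructed sample addresses (not real resolutions of google.com or
# trafficfactory.com): an internal client network and a group of ad servers.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
AD_SERVERS = {ipaddress.ip_address("203.0.113.10"),
              ipaddress.ip_address("203.0.113.11")}

class StatefulFirewall:
    """Toy model of a stateful packet filter: the rule list is consulted only
    for the first packet of a flow; replies ride on the recorded state."""
    def __init__(self, rules, default="accept"):
        self.rules = rules          # list of (src_group, dst_group, action)
        self.default = default
        self.conntrack = set()      # flows that were accepted as "new"

    @staticmethod
    def flow_key(src, sport, dst, dport):
        # Direction-independent key so the reply matches the original flow.
        return frozenset({(src, sport), (dst, dport)})

    def handle(self, src, sport, dst, dport):
        key = self.flow_key(src, sport, dst, dport)
        if key in self.conntrack:
            return "established:accept"   # rules are never consulted again
        action = self.default
        for src_group, dst_group, rule_action in self.rules:
            if src in src_group and dst in dst_group:  # networks or address sets
                action = rule_action
                break
        if action == "accept":
            self.conntrack.add(key)       # dropped packets create no state
        return "new:" + action

def browse(rules):
    """Client opens HTTPS to an ad server; return (verdict on SYN, verdict on reply)."""
    fw = StatefulFirewall(rules)
    client = ipaddress.ip_address("192.168.1.50")
    server = ipaddress.ip_address("203.0.113.10")
    syn = fw.handle(client, 51000, server, 443)
    if syn.endswith("drop"):
        return syn, "no connection"       # nothing reaches the server, no reply
    return syn, fw.handle(server, 443, client, 51000)

# Rule as posted: Source = ad servers, Destination = Internal (Network), Drop.
AS_POSTED = [(AD_SERVERS, INTERNAL_NET, "drop")]
# Same rule with Source and Destination exchanged.
SWAPPED = [(INTERNAL_NET, AD_SERVERS, "drop")]

if __name__ == "__main__":
    print("as posted:", browse(AS_POSTED))   # ('new:accept', 'established:accept')
    print("swapped:  ", browse(SWAPPED))     # ('new:drop', 'no connection')
```

The posted rule still drops an unsolicited packet from an ad server, so it is not broken, just never reached for browser-initiated flows. Swapping Source and Destination only covers the addresses the DNS group holds at that moment, which is why Bob points to Web Filtering when the IP set is large and changing.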