Try to understand our "any" Firewall rules

Question

Hello, 
 I try to understand the firewall rules made on our Sophos UTM. 
 There are especially some "any" rules I don't get. 
 
 A) 
 Ruleset 1: Network1 (Network) > UDP 1434, 3478 > Server1 
 Ruleset 2: Network1( Network) > Any > Server1 
 Did I miss something or does Ruleset 2 make Ruleset 1 unnecessary? 
 
 B) 
 Ruleset 1: Network1( Network) > Any > Server1 
 Ruleset 2: Network1( Network) > Any > Network2( Network) 
 Server1 is in Network2. So does Ruleset 2 make Ruleset 1 unnecessary? 
 
 I hope you understand what I mean. My firewall skills are just medium. But this is not logical for me. But maybe I don't understand how Sophos Firewall is working.

Steve Weißflog · Accepted Answer

Yes all correct BUT try to avoid "ANY" this makes your firewall useless because if you use "any" there will be no filtering! 
 Try to be as granular as possible and configure rules for (each) service and so on... And don't forget to switch the logging on for the rules! 
 
 If you're not sure what you really need or which traffic is needed between networks: Use an any rule for monitoring traffic for a short term and find out what you really need of this traffic. If you find out traffic that is needed -> build an extra rule for that -> at the end erase the "any" rule. 
 You can also search log files and let you show the traffic of a single FW-Rule for a period of time: -> Logging&Reporting->Search log file->Firewall 
 Search for fwrule="Number of Rule" e.g. fwrule="2" if you like to see everything for Rule Nr. 2 (number of the rule is shown in Network Protection -> Firewall) 
 
 regards

Erik Puscher · Answer

Thank you, 
 that confirms my assessment. 
 Maybe the "any" rule was implemented for exact these reason an was never be disabled. 
 I was not aware of fwrule="Number of Rule" switch. That will be useful. Thanks a lot.