This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall Not Blocking Traffic to Cable Modem (192.168.100.1)

To prevent exploits like Cable Haunt, I created a firewall rule to block access to my cable modem's internal interface, 192.168.100.1.

Source: Any <> Services: Any <> Destination: 192.168.100.1 <> Action: Drop

but I'm still able to reach the cable modem's web interface.

My LAN is 192.168.0.0/24 is masqueraded to my cable modem external interface.

What am I missing?

Thx

This thread was automatically locked due to age.

0 BAlfson over 4 years ago

What are you doing from where when you are "still able to reach the cable modem's web interface?"

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 dirkkotte over 4 years ago in reply to BAlfson

First answer Bobs Question.

Next, the WebProxy could interfere.
This cannot be blocked by firewall rules.
if a transparent web proxy is in use, you have to create a proxy exception.
(WebProtection/FilteringOptions/Misc/Transparent Mode Skiplist ... but uncheck "Allow HTTP/S traffic for listed hosts/nets")

Dirk

Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
If a post solves your question, click the 'Verify Answer' link at this post.
Cancel
Vote Up 0 Vote Down

Cancel
0 busthead over 4 years ago in reply to dirkkotte

"still able to reach the cable modem's web interface" = web browser -> cable modem's web interface.

Adding cable modem host (192.168.100.1) to "Skip Transparent Mode Destination Hosts/Nets" did the trick.

Can you please explain why/how a Transparent mode Web Filtering config (layer 7) permits packets to bypass the firewall (layer 3)?
Cancel
Vote Up 0 Vote Down

Cancel
0 dirkkotte over 4 years ago in reply to busthead

firewall and proxy are functionalities that are next to each other, not one after the other.

compare the packet flow diagram within this post: https://community.sophos.com/products/unified-threat-management/f/general-discussion/22058/flowchart-trafficflow-through-the-utm

Dirk

Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
If a post solves your question, click the 'Verify Answer' link at this post.
Cancel
Vote Up 0 Vote Down

Cancel
0 busthead over 4 years ago in reply to dirkkotte

Maybe in a high-level diagram the two functionalities are "next to each other" but the packets are not being processed by both the firewall and the Web Filter concurrently.

This is either a very strange architectural design choice or a bug.

Can someone explain to me why a firewall rule blocking all IP traffic to host X wouldn't block HTTP requests to web server on host X? i.e. why is layer 3 not processed before layer 7?
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 4 years ago in reply to busthead

See #2 in Rulz (last updated 2019-04-17).

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel