
New interface and how to block traffic from lan

Hi,

Internal LAN is 192.168.157.0/24 and the new interface added is 192.168.158.0/24.

Our Sophos SG 125 has the IP 192.168.157.70.

I'd like to block all traffic between the LAN and 192.168.158.0/24, but the existing rule rejecting all traffic does not work: ping, telnet and more are allowed.

Why this situation?

Regards

  • Edgar, it sounds like you may be using the "Any" Network object instead of the "Internet" object in your firewall rules.  You shouldn't need to explicitly block traffic between the two subnets as it will be default dropped if not explicitly allowed.

    Also, pinging is regulated on the 'ICMP' tab of 'Firewall' and is not included in the "Any" service object.  I thought that the devs changed the selections 'Gateway forwards pings/traceroute' to not include ping/traceroute between all UTM interfaces, just those that go out an interface with a default gateway.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
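The point of the reply above is that a rule whose destination is the "Any" object matches the neighbouring subnet as well, whereas a destination of "Internet" does not, and that anything not explicitly allowed is dropped by default. The following small rule-table simulator, added here as an illustration and not code from Sophos UTM or from the thread, makes that visible. It models the "Internet" object as "any address outside the RFC 1918 private ranges" (an assumption for the example; the real object is tied to the WAN interface's default route) and models the separate ICMP forwarding switch as a global flag, which is why a packet filter rule alone does not decide whether ping gets through.

```python
import ipaddress

# Assumed model of the UTM "Internet" object: anything that is not RFC 1918 private space.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LAN = ipaddress.ip_network("192.168.157.0/24")       # subnets from the thread
NEW_IFACE = ipaddress.ip_network("192.168.158.0/24")

def obj_any(ip: str) -> bool:
    """'Any' network object: matches every destination, including other internal subnets."""
    return True

def obj_internet(ip: str) -> bool:
    """'Internet' network object (assumed): matches only public, non-RFC1918 destinations."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in RFC1918)

# A rule is (name, source network, destination predicate, action). First match wins.
RULES_WITH_ANY = [("LAN -> Any", LAN, obj_any, "allow")]
RULES_WITH_INTERNET = [("LAN -> Internet", LAN, obj_internet, "allow")]

def evaluate(rules, src: str, dst: str, proto: str = "tcp",
             gateway_forwards_pings: bool = True) -> str:
    """Return 'allow' or 'drop' for a flow, mimicking first-match rules with an implicit default drop.

    ICMP echo is handled by the separate 'Gateway forwards pings' setting rather than by the
    packet filter rules, mirroring the ICMP tab described in the reply.
    """
    if proto == "icmp":
        return "allow" if gateway_forwards_pings else "drop"
    src_addr = ipaddress.ip_address(src)
    for name, src_net, dst_match, action in rules:
        if src_addr in src_net and dst_match(dst):
            return action
    return "drop"  # implicit default drop: nothing explicitly allowed means blocked

def show_difference() -> dict:
    """Evaluate the same LAN-to-new-subnet flow under both rule tables (constructed sample flow)."""
    src, dst = "192.168.157.50", "192.168.158.20"
    return {
        "any_object": evaluate(RULES_WITH_ANY, src, dst),
        "internet_object": evaluate(RULES_WITH_INTERNET, src, dst),
        "internet_object_to_public": evaluate(RULES_WITH_INTERNET, src, "203.0.113.10"),
        "ping_with_forwarding_on": evaluate(RULES_WITH_INTERNET, src, dst, "icmp", True),
        "ping_with_forwarding_off": evaluate(RULES_WITH_INTERNET, src, dst, "icmp", False),
    }

if __name__ == "__main__":
    for flow, verdict in show_difference().items():
        print(f"{flow:28s} -> {verdict}")
```

Running it shows the LAN-to-192.168.158.0/24 flow allowed under the "Any" table and dropped under the "Internet" table with no explicit block rule at all, while ping is decided by the ICMP forwarding flag regardless of which table is in place.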
  • Hi,

    Even using the Internet object, there is still traffic between the LAN interface and the new interface. Only one masquerade rule is defined: new_interface -> WAN.

    What is wrong?

    Regards
