
Not possible to use External interface definition in SUM?

Greetings all.

In Sophos UTM9 under Network Protection->Firewall->ICMP there is an option to disable "Gateway is ping visible", we like that option but I'd still like to allow ICMP Pings from specific hosts we use for monitoring our clients for offline and latency alerts. I've done some testing and found you can add an explicit firewall rule allowing ICMP Ping traffic from specific hosts and it works fine, so I thought I'd push a firewall ruleset from SUM and have found that there is no Destination definition for "External (WAN)". Am I overlooking something, or is this not possible?



  • What happens if you use "Any" instead of "External (Address)" in the rule?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I tried that, thinking surely it would work but it didn't.

  • Please show a picture of the firewall rule that "didn't work" and say what you observed.

    Cheers - Bob

  • Image is attached below. Let me know if this didn't insert correctly and I will upload to imgur or something similar.

    The top part shows the rule I created inside of SUM (there is no default service definition for ping, so I copied the default definition for it from UTM)

    I pushed this rule to the firewall using 'Any', but pings were still rejected, as can be seen in the middle image (I am remotely controlling one of our management servers there; the firewall logs show the ICMP traffic being blocked with the 'Any' rule pushed from SUM).

    Finally, on the bottom image is where I create a manual rule to allow pings from the same 3 hosts (they are put into a network group in this rule) going to the default 'WAN (Address)' instead of 'Any'. As you can see, this rule is at position #10, beneath the #1 rule that SUM pushed.

    The Sophos UTM is an SG125 running firmware version 9.508-10.

    The SUM server is running firmware version 4.307-4.

     

  • Thanks for testing.  Now this seems like the ping is in the INPUT chain, but the traffic selector in the SUM rule doesn't apply when using "Any" in 'Going to'.  My last idea is to use "Internet IPv4" instead as it is bound to the External interface.  Any better luck with that?

    Cheers - Bob

  • Just tested, same result. With "Internet IPv4" or "Any" as the destination the ICMP traffic is still blocked.

  • Yup - the traffic just doesn't qualify for the Selector.  I see no way around having to do something remotely instead of with SUM.  An explicit rule using "WAN (Address)" in each would be the clearest.

    An alternative that I'm pretty confident would work would let you make the rule in SUM.  Create a DNS Host object "Public IP" in each UTM that uses the FQDN of the particular machine and is bound to the WAN interface.  Then, use a Traffic Selector in SUM like '{Hosts} -> Ping -> Public IP'.  Any luck?

    Cheers - Bob
    PS This last suggestion would seem to conflict with #3 in Rulz, but doesn't because of #4.

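An added illustration, not code from this thread or from Sophos: on a plain Linux gateway, Bob's recommendation of an explicit rule with 'WAN (Address)' as the destination corresponds to an INPUT-chain iptables rule whose destination is the gateway's own address, placed above a catch-all drop of inbound echo-requests. The script below only generates those commands and applies nothing; the function names `is_ipv4`, `ping_rules` and `count_rules` and all addresses (documentation ranges) are constructed for the example and are not UTM or SUM objects.

```shell
#!/bin/sh
# Added illustration (not Sophos UTM/SUM code): emit iptables INPUT-chain
# rules that allow ICMP echo-request only from the listed monitoring hosts
# to the gateway's own WAN address(es) and drop every other inbound echo
# request. Nothing is applied; the commands are printed for review.
# All addresses used here are constructed documentation-range values.
set -eu

# is_ipv4 ADDR: succeed if ADDR is a dotted quad with each octet in 0..255.
is_ipv4() {
  _a=$1
  case $_a in
    *[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  set -- $(printf '%s' "$_a" | tr '.' ' ')
  [ $# -eq 4 ] || return 1
  for _o in "$@"; do
    [ "$_o" -le 255 ] || return 1
  done
  return 0
}

# ping_rules WAN_ADDRS MONITOR_HOSTS: both arguments are space-separated
# IPv4 lists. Prints one ACCEPT per (monitor host, WAN address) pair and
# then a catch-all DROP. The ACCEPTs must precede the DROP because the
# first matching rule wins; a gateway with several failover uplinks gets
# one ACCEPT per uplink address, which is what "Uplink Interfaces" would
# cover in the UTM GUI.
ping_rules() {
  _wans=$1
  _hosts=$2
  for _w in $_wans; do
    is_ipv4 "$_w" || { echo "bad WAN address: $_w" >&2; return 1; }
  done
  for _h in $_hosts; do
    is_ipv4 "$_h" || { echo "bad monitor host: $_h" >&2; return 1; }
  done
  for _h in $_hosts; do
    for _w in $_wans; do
      printf 'iptables -A INPUT -p icmp --icmp-type echo-request -s %s -d %s -j ACCEPT\n' "$_h" "$_w"
    done
  done
  # Everything else that pings the gateway itself is dropped: the
  # "Gateway is ping visible = off" behaviour, restricted to INPUT so that
  # forwarded ICMP between networks is untouched.
  printf 'iptables -A INPUT -p icmp --icmp-type echo-request -j DROP\n'
}

# count_rules WAN_ADDRS MONITOR_HOSTS: number of rules ping_rules would emit.
count_rules() {
  ping_rules "$1" "$2" | wc -l | tr -d ' '
}

# Example: two WAN uplinks (failover) and three monitoring hosts.
ping_rules "198.51.100.1 198.51.100.2" "203.0.113.10 203.0.113.11 203.0.113.12"
```

Note that the DROP is limited to echo-request on INPUT; replies to pings the gateway sends out, and ICMP the gateway must forward for the networks behind it, are not affected by these rules.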
  • I think you are correct; I think that would work, but not for our use case. What I'm trying to accomplish is a quick way to push the rule from SUM; if I have to log into each firewall to create the network definition, I might as well create the firewall rule as well. Many (but not all) of our clients have numerous WAN interfaces for failover purposes, so ideally we'd like to have the interface set as 'Uplink Interfaces' so that it could match any of the public IP addresses. Also, I was unable to locate the 'Traffic Selector' section in SUM; I do see it in UTM under the QoS section, but SUM does not appear to have it.

     

  • Traffic Selector is a term used in most places in SUM/UTM to mean the combination of 'Source -> Service -> Destination' in the header of a packet.

    What you want to do is a reasonable request if you generally want to block pings, so you might consider offering a suggestion in Ideas.

    I allow Ping and Traceroute for all of my clients because I think the bad guys don't bother with it anymore because they all have such powerful computers and the Internet is so fast.  They know some folks block ICMP, so they just go straight to port scans.

    Cheers - Bob
