Configuring VPN Remote Access for the first time on your Sophos XG Firewall? Check out this useful Community post!
Advisory: Sophos XG Firewall - Antivirus service stopped due to failed pattern update. Please visit this KBA for the latest updates
We'd love to hear about it! Click here to go to the product suggestion community
wenn I try to edit or change a service in a existing firewall Rule I got the massage "Service cannot be updated. It is currently being used in Business Application Rule(s)"
So everytime I have to remove the service, safe the rule an now I can edit the service. This workaround is very annoying.
My Customers appliances are on Version SFOS 17.0.5 MR-5 and I think the problem exists since version 17.x.x
Yes, since static Ports it was converted to Services Objects the management it is terrible.
- To upgrade a service objects, it is needed remove from Business Application Rule, upgrade Service Object and after this add again on Business Application Rule
- On Business Application Rule list, it is impossible to know (when you move mouse over rule) which ports are being used in rule. (it is needed check Service Objects to check the ports)
IMHO the old method (fill the ports in usiness Application Rule) it was more more easy and less complex. THis current way require a lot of effor to a simple acction.
In reply to Carlos Cesario:
Wow, this is terrible. Wenn I have a Service Object which is part of 10 or more Objects I have to remove it from all the Rules.
This can't we the way!!!
In reply to Christian Braunisch:
Ran into this bad behavior in SFOS 17.0.8 MR-8. Anyone know if it's on the roadmap yet to be improved in newer versions?
In reply to momentum:
I'm bumping this as well. There is no way that you should have to disable every single rule to make a simple service rule change. Why was this considered acceptable in development?
The other question is, why does it allow you to edit the service if it knows you are using it elsewhere and it's not allowed, not even from the rule you are using it with?
I have the same issue. I have a lot of rules that I would like to make port changes to and it is very inconvenient to have to change each one, one by one. It would be way easier to just edit the service port since it is the same for all the rules.
I think there is still a lot that needs fixed so it is easy to manage and not so tedious.
In reply to Bradley Bengel:
More than a year later and this problem still persist.
It's very very very annoying, why should I remove the service from multiple firewall rule risking to forget to add it back to some rule?
I tried to edit the rule originally created from the template Email Servers(SMTP) and I have to confirm that it is not really possible add/change/remove ports in a Business Application Rule. As you describe, myloweslife you can add another service/s and then delete the original service/s ( after you replace it with another service/s) but the original service/s can not be edited in any way.
And I’m also running beta 2.
Could someone else confirm what Franc found out, resp. that editing this type of firewall rules should not work this way?
I think it is clearly a bug.
We've recently just moved over to Sophos XG's and found this problem as well. Was there any official response from Sophos regarding this?
In reply to Sam Kirk:
Just forget about Sophos XG, it has soooo many limitation that it's such a PIA to manage it!
In reply to relreini jeweini:
yes its really a bug,i had already tried to create a template from my website securitasepay but it was failed and you can add another services and can remove the original services
I have the same issue. I have a lot of rules that I would like to make port changes to and it is very inconvenient to have to change each one, one by one. It would be way easier to just edit the blackmart apk port since it is the same for all the rules.
Hi Christian Braunisch Please refer to the URL- https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/35636707-edit-a-service-object-that-is-in-use-without-remov
As you describe, you can add another service/s and then delete the original service/s ( after you replace it with another service/s) but the original service/s can not be edited in any way.
In reply to Rosiba pandey:
I also faced the same issue. I to have instructions but I was failed to make changes and it is very inconvenient to have to change one by one. It would be way easier to just edit the port since it is the same for all the rules.
I have a great deal of decides that I might want to roll out port improvements to and it is badly arranged to need to change every one, individually. It would be route simpler to simply alter the administration port since it is the equivalent for all the guidelines thesoarmedia