How to find a specific firewall rule?

Trying to delete an IP host record. I get an error:
"Host could not be deleted. Firewall rule exists for the host"

How do I find which firewall rule is the one in question?

  • P.S. Can't post on this great forum with Chrome.

    With IE, I get an error


    "An error occurred. Please try again or contact your administrator. "



    .......... aaaaaand

    "Your posting frequency has exceeded allowed rates. Please wait 5 minutes to post again. "

    for real guys....

  • In reply to Kari Hyvönen:


    I get the first error, have been for about a week since I moved to a new Mac. Both Safari and FF, haven't tried Chrome. I ignore the error because I have no indication as to what it is referring to.


    Are you using clientless or similar? Did you create an IP address when you were setting up your firewall rules?

  • In reply to Kari Hyvönen:


    You need to perform these steps:

    • from the GUI, go to Host and Services > IP Host and then write down the hostname (for example iPhone)
    • connect to XG cli > option 5 > option 3
    • type: psql -U nobody -d corporate
    • type: SELECT * FROM tblhost WHERE hostname='iPhone'; (please respect the upper and lower case)
    • Write down the hostid number (in my case it is 11)
    • type: SELECT * FROM tblfwsource; to check if the hostid is here (this is the source FW rule table)
    • type: SELECT * FROM tblfwdest; to check if the hostid is here (this is the destination FW rule table)

    In one of these 2 last tables you should find the relation between hostid (11) and fwruleid (xxx). This id corresponds to Firewall rules inside the GUI. If the rule is still there, delete it, otherwise you need to delete the row using postgresql commands.

    Let us know.
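
The lookup described in the steps above, combined into single read-only queries. This is an added example, not part of the original post or Sophos documentation; it assumes that tblfwsource and tblfwdest both expose the hostid and fwruleid columns the post mentions, and the second query goes beyond the post by covering all hosts at once.

```sql
-- Added example: read-only lookups for the psql prompt opened in the steps above.
-- Assumption: tblfwsource and tblfwdest each carry hostid and fwruleid columns,
-- as the post describes. Confirm with \d tblfwsource and \d tblfwdest first.

-- 1) Which firewall rules reference one host, and on which side of the rule?
SELECT h.hostid, h.hostname, r.used_as, r.fwruleid
FROM tblhost AS h
JOIN (
    SELECT hostid, fwruleid, 'source'::text      AS used_as FROM tblfwsource
    UNION ALL
    SELECT hostid, fwruleid, 'destination'::text AS used_as FROM tblfwdest
) AS r ON r.hostid = h.hostid
WHERE h.hostname = 'iPhone'            -- case-sensitive, as noted in the post
ORDER BY r.fwruleid, r.used_as;

-- 2) For a bulk clean-up: every host with its number of rule references.
--    rule_refs = 0 means neither of these two tables references the host.
SELECT h.hostid, h.hostname, COUNT(r.fwruleid) AS rule_refs
FROM tblhost AS h
LEFT JOIN (
    SELECT hostid, fwruleid FROM tblfwsource
    UNION ALL
    SELECT hostid, fwruleid FROM tblfwdest
) AS r ON r.hostid = h.hostid
GROUP BY h.hostid, h.hostname
ORDER BY rule_refs, h.hostname;
```

The fwruleid values returned by the first query are the rule IDs to look up in the GUI before deleting the host.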


  • In reply to lferrara:

    This is the most user-hostile approach I've ever seen in the firewalls.

    Here's a suggestion: How about showing the rule name in the error message? And maybe even link to it?

  • In reply to Kari Hyvönen:

    Uhm... what do I have to say about it?

    I created this feature request a long time ago... Showing at least the ID is a good starting point...

    Add your own comment and vote for it.


  • In reply to lferrara:

    Sorry Luk, my rant wasn't for you but for Sophos. I'm completely fed up with these POS boxes.

    Given that you have already created the feature request 2,5 years ago I think it's not coming, but I'll vote anyway.

    I'm tasked to clean up our firewalls and I have hundreds of IP hosts to go through. I guess it's just easier to trash these and go for something that works and start over.

  • In reply to Kari Hyvönen:


    I am still using XG at home and on a small installation. Standard things to do are a dream on this box... You are more than right!

    I am looking at the next version... for the moment, it is still not enterprise ready...