Multiple LAN firewall rule

I am trying to find a simple firewall rule where all LAN ports can see other LAN ports. Each LAN port is assigned its own DHCP subnet mask.


LAN1 -

LAN2 -

LAN3 -

LAN5 -

LAN7 -


I can make a firewall rule LAN1/ANY/LAN2, then LAN2/ANY/LAN1, and so on up to LAN7, but it is silly to make 50 rules. I even tried LAN1-7/ANY/LAN1-7 and it worked one way but not the other way...

I need to make sure any LAN can see any LAN.

  • Hi  

    For context, are all of your LAN ports part of the same LAN Zone?

  • In reply to FloSupport:

    Yes, all LAN ports are on the same zone.

  • In reply to Brandon91:

    Basically, you can use LAN to LAN as a zone-based rule.

    If you want to be more specific, you need to go back to the whiteboard and think about the structure. 

    XG will drop traffic if it does not find any matching rule, and it uses first-match rules.


    So you can do the following:


    LAN to LAN with LAN1 to LAN2 with ANY Services allow

    LAN to LAN with ANY to ANY with Service DNS allow


    So LAN1 to LAN2 can talk with any services, and all LANs can talk with DNS to each other, as an example.

  • In reply to LuCar Toni:

    "LAN to LAN firewall rule. Source Network, Destination Network and Services set to Any" solved my question. Thank you.
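
Added example (not part of the thread and not Sophos code): a minimal first-match evaluator with a default drop, modelling the two rules from LuCar Toni's reply next to the single LAN-to-LAN any/any rule the poster settled on. The subnets, rule names and service labels are constructed for illustration; the thread does not give the real ranges.

```python
import ipaddress
from dataclasses import dataclass

# Constructed subnets; the thread does not give the poster's real ranges.
NETS = {f"LAN{i}": ipaddress.ip_network(f"10.0.{i}.0/24") for i in (1, 2, 3, 5, 7)}
ANY = "ANY"

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    src_net: str   # key in NETS, or ANY
    dst_net: str   # key in NETS, or ANY
    service: str   # a service label such as "DNS", or ANY
    action: str = "allow"

def zone_of(ip):
    # All LAN ports share one zone in the thread; anything else is WAN here.
    return "LAN" if any(ip in n for n in NETS.values()) else "WAN"

def net_match(spec, ip):
    return spec == ANY or ip in NETS[spec]

def evaluate(rules, src, dst, service):
    """Return (action, rule name) for the first matching rule, top to bottom."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r.src_zone == zone_of(s) and r.dst_zone == zone_of(d)
                and net_match(r.src_net, s) and net_match(r.dst_net, d)
                and r.service in (ANY, service)):
            return r.action, r.name
    return "drop", "default"  # no rule matched: traffic is dropped

# The two specific rules from the reply.
SPECIFIC = [
    Rule("lan1-to-lan2", "LAN", "LAN", "LAN1", "LAN2", ANY),
    Rule("lan-dns", "LAN", "LAN", ANY, ANY, "DNS"),
]
# The single rule the poster settled on.
BROAD = [Rule("lan-any", "LAN", "LAN", ANY, ANY, ANY)]

if __name__ == "__main__":
    # Each flow is a new connection initiated by the first address.
    flows = [("10.0.1.10", "10.0.2.20", "SMB"), ("10.0.2.20", "10.0.1.10", "SMB"),
             ("10.0.3.5", "10.0.7.53", "DNS"), ("10.0.3.5", "10.0.7.9", "RDP")]
    for f in flows:
        print(f, "specific:", evaluate(SPECIFIC, *f), "broad:", evaluate(BROAD, *f))
```

Under the specific rule set a new connection from LAN2 to LAN1 falls through to the default drop, while the broad rule allows every service between every LAN subnet.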