Search of firewall rules.

How can I search the firewall rules for IPs and/or Networks?

We are currently switching from Fortigate and entering an IP in a search dialog results in displaying all rules which contain the IP or including networks.

Is this really not possible on an XG or am I missing something? This should not be too difficult to implement ...

  • Hi BeEF, 

    Can't you just do a search (top right) for the string?

    You can also filter by source/destination IP with the 'add filter' option.

  • Hi,

    As you are familiar with Fortigate and are now switching to Sophos, it may take some time to understand the GUI and options such as hidden opening. The SOPHOS XG firewall has a RULE filter option at the TOP of the Firewall section.

    You can filter by Source ZONE, Destination ZONE, Rule type and Status of Rule, and you can search by Rule ID. SOPHOS does not have a search by IP address.

  • In reply to MasterRoshi:

    Hello MasterRoshi, I did not want to search the logs. I wanted to search the ruleset.

  • In reply to BeEf:

    Ahh, apologies, I totally misread your question.

    This is something that is on the roadmap (the ability to find where objects are used). No ETA yet. 

  • In reply to Deepak Verma:

    Hello Deepak Verma,

    thanks for your answer. Yes, I was aware of that. However, in my opinion this is not enough.

    If you have a large number of firewall rules you want to be able to search

    1)

    - for IP Addresses

    - IP Ranges that contain these addresses

    - Groups of IP Addresses or IP Ranges that contain the IP Addresses you are looking for.

    2)

    - for IP Ranges

    - Groups of IP Ranges that contain your IP Range (either as a list member or a subnet)

    For me these are necessary functions for administrating the firewall - at least if the ruleset has a certain size (starting at 20+ rules) and complexity.

  • In reply to BeEf:

    I am using the Policy Tester for such tasks.

    Enter the IP you want to search for and the port, and look up which firewall is matching.

    Basically, delete all "unused" firewall rules so you have only used firewall rules, and use the filtering to have an overview.

    Works quite well if you have a good structure in the first place.

  • In reply to BeEf:

    Hi,

    I agree with you. I know that this feature is in the development state, but there is no ETA confirmed by the SOPHOS team. A couple of days ago, I spoke with the Sophos India team about some other features as well. You will see a big change in V18 (I hope).

    But meanwhile, you can use Policy Tester for the same. 

  • In reply to Deepak Verma:

    Hi, thanks for your answer. Hopefully this gets realized soon.
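
The containment search asked for in the thread (an IP or range matched against hosts, ranges, networks and nested groups used in rules) can be sketched offline as follows. This is an added example, not Sophos code or anything posted in the thread; the object/rule model, the names `OBJECTS`, `RULES`, `expand` and `search_rules`, and all sample data are constructed assumptions, not an XG export format.

```python
import ipaddress

# Constructed sample data in a hypothetical model (not an XG export format).
OBJECTS = {
    "web01":     {"type": "host",    "value": "10.1.20.15"},
    "dmz_net":   {"type": "network", "value": "10.1.20.0/24"},
    "dhcp_pool": {"type": "range",   "value": "10.1.30.100-10.1.30.200"},
    "branch":    {"type": "network", "value": "192.168.50.0/24"},
    "internal":  {"type": "group",   "members": ["dmz_net", "dhcp_pool"]},
    "all_sites": {"type": "group",   "members": ["internal", "branch"]},
}
RULES = [
    {"id": 1, "src": ["branch"],    "dst": ["web01"]},
    {"id": 2, "src": ["dmz_net"],   "dst": ["branch"]},
    {"id": 3, "src": ["internal"],  "dst": ["all_sites"]},
    {"id": 4, "src": ["dhcp_pool"], "dst": ["web01"]},
]

def expand(name, seen=None):
    """Flatten an object, recursing into groups, to a list of ip_network values."""
    seen = set() if seen is None else seen
    if name in seen:          # guard against groups that reference each other
        return []
    seen.add(name)
    obj = OBJECTS[name]
    if obj["type"] == "group":
        return [net for member in obj["members"] for net in expand(member, seen)]
    if obj["type"] == "range":
        lo, hi = (ipaddress.ip_address(p.strip()) for p in obj["value"].split("-"))
        # A start-end range becomes the minimal set of CIDR blocks covering it.
        return list(ipaddress.summarize_address_range(lo, hi))
    return [ipaddress.ip_network(obj["value"], strict=False)]

def search_rules(query):
    """Return (rule id, field, object) for every object that fully contains the query."""
    q = ipaddress.ip_network(query, strict=False)   # a single IP becomes a /32 or /128
    hits = []
    for rule in RULES:
        for field in ("src", "dst"):
            for name in rule[field]:
                nets = expand(name)
                if any(q.version == n.version and q.subnet_of(n) for n in nets):
                    hits.append((rule["id"], field, name))
    return hits

if __name__ == "__main__":
    for query in ("10.1.20.15", "10.1.30.128/28", "10.1.20.0/23"):
        print(query, "->", search_rules(query))
```

A query network that is larger than every object (the `/23` above) returns no hits, because the search reports objects that contain the query, not objects that merely overlap it.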