Firewall rule does not work.

Hello

 

I got an XG firewall, and after I saw weird traffic coming from a browser I added a firewall rule to block the suspicious traffic. However, the traffic still flows; it does not care about the rule. How can that be?

The rule is added on top, and there is no other interference. I successfully operate this firewall with all other rules working. I just can't believe that.

 

  • Hi,

    Open logviewer and create a filter for the IP address of the device and see which firewall rule is allowing the traffic out.

    Ian

     

    Fixed spell checker mistake which made the sentence totally incorrect.

  • In reply to rfcat_vk:

    Thanks for your reply. The problem is that the traffic is allowed, not disallowed. There is a drop traffic firewall rule on top, which is based on an IP range. The problem is that the rule stands there activated, but it's just ignored by the firewall, like it's nonexistent. I can add other rules, and they are all working as intended. Log Viewer and other tests prove it. Just this particular IP range won't get blocked by the firewall, for a reason I can't understand.

  • In reply to AussieTom:

    Tom,

    please share the firewall rules.

    Thanks

  • In reply to lferrara:

    Thanks for your reply. I will post it soon. ATM very busy.

  • In reply to AussieTom:

    Hi Tom,

    It was supposed to say which rule is allowing the traffic out. I have since corrected the post.

    Which rule is allowing the traffic out?

    Ian

  • Well, it has been a long time. But now I just ran into another issue with a firewall rule not working. Now I can provide full info on this one:

    By using synchronized app control, I block pingsender.exe for example:

    But this guy still makes it through, by the firewall rule which allows outgoing traffic with an applied application rule, which should block pingsender.exe.

  • In reply to AussieTom:

    Thanks for the screenshot.

    Is decryption and scanning enabled?

  • In reply to lferrara:

    Yep, HTTPS is enabled.

  • In reply to lferrara:

    The Diagnostic section -> Live activities lists pingsender, so it's recognized, but still allowed somehow:

     

    Additionally, the synchronized app control works in other cases. It blocks the apps without issues; just this one here gets through for unknown reasons. Thanks for your time.

  • In reply to lferrara:

    Sorry for this step-by-step answer. Just trying to provide all the necessary info.

    App path is accurate. The same as in synchronized app control loads up, as shown by Procmon (Sysinternals).

     

  • In reply to AussieTom:

    Just to clarify, the issue is not how to block it (Windows Firewall blocks it). I only have a question why this happens at all.

  • In reply to AussieTom:

    Aussie,

    can you share the firewall rules and the application filter?

    Thanks

  • In reply to lferrara:

    Thanks for your time. I updated to version eighteen and now the issue has gone. Just got another question, for which I don't want to open a new thread:

    Can you somehow stretch the window, all the scrolling is a bit annoying: