Is anybody having success in using the GeoIP functionality? I am not and I find it quite frustrating.

What have I done:

1. Created a country group, within that group for instance Romania:
2. Created a Drop rule based on the country group:
3. Have been checking logs for a couple of weeks; today I saw that there were entries in the log showing me that traffic was allowed originating from a Romanian IP:

And this is only one example, my log is filled with more similar ones.

Any thoughts on this? Is my thinking wrong, was my execution poor or are my expectations not right?
This issue is currently being investigated with internal ID NC-58436. I will update this post as soon as more information becomes available.
Thank you Peter-Paul Gras for providing support access to your firewall to collect detailed logs and packet capture.
In reply to H_Patel:
Hi Peter-Paul Gras,

This is known behavior when the service is destined for the local service on the XG. The firewall rules do not come into effect for the local system. Thus, to overcome this, create a DNAT rule with the source as the country group, and follow the instructions outlined in this KB article: Sophos XG: Creating a blackhole DNAT.

The blackhole DNAT rule does the trick. Thank you very much for all you and Sophos staff did on this subject. Much appreciated.