We'd love to hear about it! Click here to go to the product suggestion community
I created before the default greyed out Drop all rule a new rule to log and block all traffic. The same as this recommended post: https://community.sophos.com/products/xg-firewall/f/recommended-reads/118125/sophos-xg-firewall-v17-5-how-to-log-all-dropped-traffic-without-interrupting-other-servicesLike this:
But DNS traffic is blocked:
And https/http is not blocked:
please post a screenshot of your drop rule. I assume your deny rule is at the top of the rule list?
Is that connection using an IP or a URL?
The reason I ask is because the second report has used the http proxy.
In reply to rfcat_vk:
As requested a screenshot:
As you can see no web protection and application filtering are on, but below it isn't.
The rule is above the standard drop all rule.When the drop rule is active traffic is blocked in the webfiltering, http/s is allowed. When creating a new rule to allow traffic on http/https webfiltering stop giving me content, when enable webfiltering everything is allowed.Turning off stops the traffic flow, traffic is hitting the firewall new rule.Disabling this rule traffic is hitting the drop all rule for a couple of seconds and allows it again, and the traffic is blocked again in the webfiltering.
In reply to Rijsbol:
you do not need you drop rule, the default rule works and your setup has the possibility f causing confusion with packed flow.
Ok, i removed the rule and everything is blocked, but i can't see the blocked traffic. Only the allowed.The greyed out drop rule confused me, I there is a drop rule show it as enable and disable the delete button.
that rule was made visible by a large number of requests from forum members. It is showing that the XG drops all traffic that fails to meet a firewall rule. It is identified as firewall rule 0.
Look in. Log viewer using filters for your IP.