Hi, I wanted to allow access for 4 external WAN IPs to my LAN zone computers. Here is my rule. But after testing one app to connect, no matches are increasing. Wireshark on one of the LAN PCs shows that packets are coming from source IP (for example) 188.8.131.52 to 10.10.1.1. No bytes are increasing on the rule, however.
But will it match a packet if a connection is initiated from inside the network? Because I'm not sure from where it was initiated.
Firewall is CR50iNG (SFOS 16.05.3 MR-3)
Please review again the screenshots you uploaded. You're going to notice they are so small that we cannot read anything on them. So it will probably be hard to help you in any way...
In reply to HuberChristian:
In reply to AlmisMeskonis:
You have to use DNAT and not a simple firewall rule.
In reply to lferrara:
Thanks, what about the app requirement that for WebRTC to work I must open these ports on the firewall:
1000-65000/UDP – Media (RTP/RTCP)
1000-65000/TCP – Media (RDP sharing)
Does it mean I have to use DNAT as you pointed out?
If the direction is LAN to WAN, you need a Network Firewall rule.
OK, then how do I allow all traffic from the source IP as in the picture, coming to my WAN IP as destination, because the logs say it is denied?
If the traffic is still dropped, your firewall rule is wrong.
Check again and try with a simple DNAT rule to gain confidence.
Try implementing the following business application rule. Enter the IPs you want to allow access from in the "Allowed Client Networks" section and in the Protected Servers add the RANGE of Local IPs you want to give access to. Also add another rule but for UDP traffic on the same ports.