

Firewall rule corruption when using groups

I have been running into this problem ever since the group concept came out a few years ago. 

I often run into situations where creating new firewall rules or modifying existing firewall rules causes either the new rules or modified rules to not work or other random rules to not work. What I normally do to resolve this is start detaching rules from groups and adding them to new groups. I have called Sophos support many times on this issue, but unfortunately they are not equipped to deal with corruption. Sophos support, in my experience, can only handle issues with user misconfigurations and not actual problems. Has anyone else run into this? Would be nice if groupings could work better.

It appears that the actual order of rules often does not match how they are graphically displayed. I have seen rules at the bottom (in a group) take precedence over an un-grouped rule at the very top. Happened just today. Solution was to take those rules at the bottom and detach them from their group. This is on the very latest firmware.

BTW, just wondering: has anyone ever upgraded firmware and had that upgrade fix anything? My experience is that firmware upgrades break things. That has been my experience for 99% of all firmware updates in the history of the XG. We have used the XG at many sites from the beginning. Oh, how I miss the UTMs. Sorry, I am clearly not a fan of Sophos, but stuck with it.

 



This thread was automatically locked due to age.
  • Can you comment on your history of this firewall (backup)? 

    Did this firewall setup come from a migration of an SG backup?

     

    Sounds like your Backup / running config has some issues.

    There are "ways" to find this root cause.

    Check /log/firewall_rule.log when this issue appears. XG will write it down if something is not able to be written.

    Most likely there is some broken rule in your setup (who knows why); this rule is crashing other rules, and with the detach, you load this particular rule once again into the firewall rule set.

     
