Hello!
After v18 Upgrade I'm having a grey rule.
Someone have the same issue?
I can't do anything...
This thread was automatically locked due to age.
Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.
Hi cyberguy
8) What is the new disabled “Drop ALL” rule at the bottom of the firewall rule table?
The default drop rule provides a visual indication to user/admin that if none of the firewall rules gets a match, traffic will be dropped.
You reported about two specific challenges that admin faces in v17.x.
Currently, the logs that you see with firewall rule id ‘0’ are NOT for the traffic dropped by Drop ALL rule. In later EAP releases, we would replace them with “N/A” as those are for the traffic dropped before the firewall rule matches – for example – invalid traffic. And actual logs for traffic dropped by Drop ALL default behavior will be available in the release post v18. Meanwhile – as a workaround, one can add a drop rule at the bottom to log the dropped traffic not matched by any other firewall rule.
For more info - https://community.sophos.com/products/xg-firewall/f/recommended-reads/116102/understanding-new-decoupled-nat-and-firewall-changes-in-v18
Regards,
Keyur
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link
Hi cyberguy
We glad that we could help you, please reach out to us for any further assistance.
Regards,
Keyur
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link
Hi cyberguy
We glad that we could help you, please reach out to us for any further assistance.
Regards,
Keyur
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link
Hey Keyur,
you are saying that the bug in the default drop rule has been fixed, so we can remove our temporary default drop all rule?
ian
XG115W - v20.0.2 MR-2 - Home
XG on VM 8 - v21 GA
If a post solves your question please use the 'Verify Answer' button.
Hi rfcat_vk
Could you please the details on bug or bug id or any relevant information? It would be helpful to check your requirements further.
Regards,
Keyur
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link
Just to be clear.
This Rule "does nothing new". This is a simple visibility Rule, to give the Administrator the "true" rule set.
This rule shows the administrator, at the end of the ruleset, there is a implicit deny.
V18 does not create a new Rule. It simply shows you, there is a Rule 0 at the End of the Ruleset.
This rule does NOT log Traffic as this KB indicates:
This Rule is still needed to show the Logging of Rule 0 Traffic.
There is more work to do, to log the Traffic as mentioned by this Rule.
__________________________________________________________________________________________________________________