Sophos XG 18.0.4 MR-4: Creating Firewall Rules For Physical Ports

Question

All of my VOIP devices are currently plugged into a POE switch. I want to connect that switch to physical Port 6 on the XG135. I bound an interface to Port 6, and set up a DHCP server for Port 6. The devices are getting DHCP leases from the new DHCP server, and can access the Internet. However, when I try to create a firewall rule for Zone LAN/Source #Port6, it doesn't capture any traffic. I can create a list of all the MAC addresses for the VOIP devices and create a working firewall rule using the MAC address list. However, how do I set up a firewall rule that captures all the traffic from internal LAN Port6 to the WAN? Thanks.

This thread was automatically locked due to age.

FormerMember · Accepted Answer

Hi William Chuang , 
 Thanks for reaching out to the Community! 
 Instead of adding the source network as "#Port6," could you try to create a network object for the subnet associated with the Port6 and use it as a source network? 
 Ensure the rule is on top and "Log firewall traffic" is selected. 
 Thanks,

FormerMember · Answer

Hi William Chuang , 
 Thanks for the update, and I'm glad that it worked for you. 
 It didn&rsquo;t work with "#Port6" because there was no network associated with it. You can double-check this under Host and services > IP host and look for "#Port6". 
 Thanks,

rfcat_vk · Answer

because port6 is one IP address not a source network. 
 Ian

Sophos XG 18.0.4 MR-4: Creating Firewall Rules For Physical Ports

Top Replies