Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 39 subscribers
  • Views 1759 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Vulnerability device scanning block using XG firewall

Mike Fox

Once a year for our vulnerability scanning we have a device which is used to probe the internal LAN network to run a vulnerability scan. Having recently installed a Sophos XG firewall we have set the firewall rules so that security heart beat is on and if no heartbeat then block connection.

Am I correct in thinking that as this is connected to the LAN and will attempt to make an outgoing connection to the internet in order to start its scan, that this will be blocked by the firewall as an unrecognised device and so should be prevented from making a connection to the internet. 

My second question is provided that it can run a scan in any case, if it has no heartbeat will the firewall prevent device to device scanning via the switch or as I suspect any probing by the device through the switch would continue unhindered by the firewall and carry on regardless?

Thanks

Mike



This thread was automatically locked due to age.
Parents
  • 0

    Hi Mike,

    If this scanner will be plugged into the LAN and needs to go out to the Internet, I suggest creating an exception for this device by creating a firewall rule on top of your firewall rule that requires heartbeat. Source network would be the IP address of the scanner and do not enable Security Heartbeat.

    As per your second question, device to device scanning will be unhindered by the firewall as long as it is within the same zone/LAN as it shouldn't hit your firewall.

    Karlos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.
Reply
  • 0

    Hi Mike,

    If this scanner will be plugged into the LAN and needs to go out to the Internet, I suggest creating an exception for this device by creating a firewall rule on top of your firewall rule that requires heartbeat. Source network would be the IP address of the scanner and do not enable Security Heartbeat.

    As per your second question, device to device scanning will be unhindered by the firewall as long as it is within the same zone/LAN as it shouldn't hit your firewall.

    Karlos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.
Children
No Data
Unfiltered HTML