
Drop rule shows Accepted traffic in firewall AND proxy.

Referencing this: https://community.sophos.com/sophos-xg-firewall/f/discussions/125695/bug-drop-rule-reporting-allowed-connection-in-logs

And this: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Logs/LogViewer/Logsbehavior/index.html

And there are many others...

I understand that when proxy is enabled, and you drop traffic, it will be accepted by the firewall but rejected by the proxy...

I do not always see this case, and I am wondering why.

The rule in question is:

Simple drop rule.

It is located here:

Note rule #19 is the rule in question.

As expected, the firewall log shows accepted traffic:

But when I go to the web filter, I see this:

Note that both are rule 19, but some are allowed and some denied.

You can see the detailed info of an allowed packet:

and one of a denied one:

I see the allowed one has an exception, but my rule has none. I am trying to understand how this specific rule is being evaluated.

Thanks for your help



This thread was automatically locked due to age.
  • Hi,

    there are default exceptions in the web tab which could be affecting your rule behaviour.

    I was given an explanation for this behaviour and was not happy with it. Does the connection actually occur?
    ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.
