Changes having no effect on 19.5 GA

Hi,

Upgraded a pair of 6500 XGS to 19.5 GA last week without incident. However, I've now noticed that any changes I make to the configuration of the firewall do not appear to affect its operation. To troubleshoot/confirm this I've tried:

Disabling SSL/TLS inspection - still get entries in the logs for this and it appears to still be 'on'

Created an any/any rule for a specific host for outbound traffic with only logging enabled and placed it at the top of the rule list. Firewall logs show traffic still being handled by the usual egress rule but policy tester suggests the new rule should be in play.

Also noticed no effect when adding URLs to particular groups or categories, even though they appear correct in the configuration.

Anyone seen anything similar to this? It's very odd.



This thread was automatically locked due to age.
  • Hello there,

    Thank you for contacting the Sophos Community.

    For the SSL/TLS, did you turn it off completely (Rules and Policies > SSL/TLS inspection Rules > Advanced Settings > SSL/TLS Engine = Disabled)?

    For the Firewall rule, did you clear the conntrack entry for the specific IP (e.g. # conntrack -D -d 10.2.9.8)? Instead of using ANY ANY, can you create one Firewall rule for a specific IP, put it on the TOP and see if that works?

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support