Upgraded a pair of 6500 XGS to 19.5 GA last week without incident. However, I've now noticed that any changes I make to the configuration of the firewall do not appear to affect its operation. To troubleshoot/confirm this I've tried:
Disabling SSL/TLS inspection - still get entries in the logs for this and it appears to still be 'on'
Created an any/any rule for a specific host for outbound traffic with only logging enabled and placed it at the top of the rule list. Firewall logs show traffic still being handled by the usual egress rule but policy tester suggests the new rule should be in play.
Also noticed no effect when adding URLs to particular groups or categories, even though they appear correct in the configuration.
Anyone seen anything similar to this? It's very odd.
Thank you for contacting the Sophos Community.
For the SSL/TLS, did you turn it off completely (Rules and Policies > SSL/TLS inspection Rules > Advanced Settings > SSL/TLS Engine = Disabled)?
For the Firewall rule, did you clear the conntrack entry for the specific IP (e.g. # conntrack -D -d 10.2.9.8)? Instead of using ANY ANY, can you create one Firewall rule for a specific IP, put it at the TOP and see if that works?
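The conntrack check suggested above is worth doing carefully, because an established flow keeps matching its existing connection-tracking entry and a newly inserted rule only applies to flows created after the entry is gone. The following shell snippet is an added example written for this thread (it is not code from the poster, from Sophos, or from the conntrack tool itself); it filters the text format printed by `conntrack -L` for lines where a given IP appears as src= or dst=, matching the address as a whole so that 10.2.9.8 does not also pick up 10.2.9.80. The sample listing is constructed, not captured from the poster's firewall; on a live box you would pipe `conntrack -L 2>/dev/null` (as root) into these functions instead, and only after confirming the count is zero would you expect the new rule to take effect for that host.

```shell
#!/bin/sh
# Added example (not from the thread): list and count conntrack entries that
# involve a given IP as source or destination, so you can confirm whether a
# live flow is still being matched by an old session before a new rule applies.
# Assumes the classic `conntrack -L` text format; on a live firewall, pipe
# `conntrack -L 2>/dev/null` into these functions (requires root).

# Escape dots so the IP is matched literally in the regex.
escape_ip() {
    printf '%s' "$1" | sed 's/\./\\./g'
}

# Print only the conntrack lines where the IP appears as src= or dst=.
# The trailing "( |$)" makes 10.2.9.8 not match 10.2.9.80.
entries_for_ip() {
    ip_re=$(escape_ip "$1")
    grep -E "(src|dst)=${ip_re}( |\$)" || true
}

# Count those lines (prints 0 when nothing matches).
count_entries_for_ip() {
    entries_for_ip "$1" | wc -l | tr -d ' '
}

# Constructed sample of `conntrack -L` output (not captured from a real device).
SAMPLE_CONNTRACK='tcp      6 431999 ESTABLISHED src=10.2.9.8 dst=203.0.113.10 sport=51234 dport=443 src=203.0.113.10 dst=10.2.9.8 sport=443 dport=51234 [ASSURED] mark=0 use=1
udp      17 29 src=10.2.9.8 dst=198.51.100.53 sport=40000 dport=53 src=198.51.100.53 dst=10.2.9.8 sport=53 dport=40000 mark=0 use=1
tcp      6 117 TIME_WAIT src=10.2.9.80 dst=203.0.113.20 sport=51235 dport=80 src=203.0.113.20 dst=10.2.9.80 sport=80 dport=51235 [ASSURED] mark=0 use=1'

# Run the count against the constructed sample for the given IP.
demo_count() {
    printf '%s\n' "$SAMPLE_CONNTRACK" | count_entries_for_ip "$1"
}

# Example usage: the host from the thread still has two tracked flows, so a
# new top-of-list rule would not yet see that traffic.
demo_count 10.2.9.8
```

Once the count for the host is non-zero you know why a fresh rule is being ignored; after the entries are removed (or time out) a repeat of the check should return 0, and only then is the policy tester's answer meaningful for existing sessions.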
Thanks for the reply.
Yes SSL/TLS inspection rules were completely turned off but continued to function.
Firewall rule was as you suggested, I described it badly.
Conntrack shows no entries for that IP as source or destination.
I may try a failover/reboot later on when it is more convenient for remote users but I'm definitely stumped!
Reboot made the rule start to work.
Thank you for the update.
If the issue resurfaces, open a case with support and share the Case ID with us. Feel free to share this link in the ticket.