
This discussion has been locked.

How do ACLs differ from firewall rules

I'm using the Sophos UTM Virtual Appliance MR2 version. I have noticed that despite creating a drop rule for all zones, networks and services, the ACL still stands in control and the firewall rules take no effect; only if LAN Access under ACL device access is unticked does the entire network get disabled, which should happen with the former too.

Regards...



  • Hello,

    Good day and thanks for reaching out to Sophos Community

    Could you confirm the direction (source and destination) of the drop firewall rule you created? 

    Device ACL is there to simplify access from zones, which can be enabled and disabled. Then you can use a Local service ACL exception rule for those who will need to have access exempted from the device ACL.

    Hope this helps. Have a nice day and thank you for choosing Sophos

    Cheers,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support

  • Hello 

    Yes, the direction was Source: Any, Networks: Any; Destination: Any, Services: Any.

    Basically I had created an any-to-any-to-any-service rule and dropped it, but it had no effect until I disabled the ACL LAN access for DNS, ping etc. Though now I have lost access to the firewall itself, which I will have to reset to regain access on port 4444; but this should have happened otherwise when the Any drop rule was created. But now I understand that the exception rule has to be created in the ACL. I have also heard that once an any-to-any drop rule is created the ACL is ignored.

    Regards ....

  • Hello, 

    Yes, instead of denying all the traffic using firewall rules just to restrict device access from zones, it's better to use the Device ACL restriction by zone and configure a Local service ACL exception for designated access.

    Cheers,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
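To make the two evaluation paths described in the replies above concrete, here is an added toy model (example code written for this page, not Sophos's own logic, API or configuration format). It assumes, as the thread describes, that traffic addressed to the appliance itself is decided only by per-zone device access plus Local service ACL exception rules, while transit traffic is decided by the firewall rule table; the zone names, IP addresses, service names, the exception-rule shape and the "first match wins" ordering are all constructed for illustration. It reproduces the symptom reported in the thread: an any/any/any drop rule stops transit traffic but leaves admin access untouched, unticking LAN device access locks the admin out, and an exception for the admin host restores access.

```python
"""Toy model of device-access ACL versus firewall-rule evaluation.

Added example, not Sophos code. Assumption: packets destined for the
appliance's own services never reach the firewall rule table; they are
decided by device access (per zone) and local service ACL exceptions.
"""
from __future__ import annotations

from dataclasses import dataclass, field

FIREWALL_SELF = "firewall"  # constructed marker: "this packet targets the appliance"


@dataclass
class Packet:
    src_zone: str
    src_ip: str
    dst: str       # FIREWALL_SELF for local services, otherwise a remote host
    service: str   # constructed names: "https-admin", "dns", "ping", "http"


@dataclass
class Policy:
    # zone -> services ticked under device access (assumed shape)
    device_access: dict[str, set[str]]
    # exception rules: (source IPs, services, action); assumed shape
    local_acl_exceptions: list[tuple[set[str], set[str], str]] = field(default_factory=list)
    # ordered firewall rules: (src_zone, dst, service, action), "any" is a wildcard
    firewall_rules: list[tuple[str, str, str, str]] = field(default_factory=list)


def _match(pattern: str, value: str) -> bool:
    return pattern == "any" or pattern == value


def evaluate(policy: Policy, pkt: Packet) -> tuple[str, str]:
    """Return (action, reason) for one packet under the toy model."""
    if pkt.dst == FIREWALL_SELF:
        # Path 1: traffic to the appliance itself. Exceptions are checked first,
        # then the zone's device-access ticks. Firewall rules are never consulted.
        for srcs, services, action in policy.local_acl_exceptions:
            if pkt.src_ip in srcs and pkt.service in services:
                return action, "local service ACL exception matched"
        if pkt.service in policy.device_access.get(pkt.src_zone, set()):
            return "accept", f"device access: {pkt.service} ticked for zone {pkt.src_zone}"
        return "drop", f"device access: {pkt.service} not ticked for zone {pkt.src_zone}"

    # Path 2: transit traffic, first matching firewall rule wins.
    for src_zone, dst, service, action in policy.firewall_rules:
        if _match(src_zone, pkt.src_zone) and _match(dst, pkt.dst) and _match(service, pkt.service):
            return action, f"firewall rule {src_zone}/{dst}/{service} -> {action}"
    return "drop", "implicit drop: no firewall rule matched"


def scenario_from_thread() -> tuple[Policy, Packet, Packet]:
    """Constructed scenario: any/any/any drop rule plus default-looking LAN device access."""
    policy = Policy(
        device_access={"LAN": {"https-admin", "dns", "ping"}, "WAN": set()},
        firewall_rules=[("any", "any", "any", "drop")],
    )
    admin = Packet("LAN", "10.0.0.5", FIREWALL_SELF, "https-admin")   # admin UI on the appliance
    transit = Packet("LAN", "10.0.0.5", "203.0.113.10", "http")       # LAN host browsing out
    return policy, admin, transit


def lockout_risk(policy: Policy, admin_pkt: Packet) -> bool:
    """Pre-change check: would this policy cut the admin host off from the admin UI?"""
    action, _ = evaluate(policy, admin_pkt)
    return action != "accept"


if __name__ == "__main__":
    policy, admin, transit = scenario_from_thread()
    print("admin with drop rule:  ", evaluate(policy, admin))    # accepted by device access
    print("transit with drop rule:", evaluate(policy, transit))  # dropped by firewall rule
    policy.device_access["LAN"].clear()                          # "untick LAN access"
    print("lockout after untick:  ", lockout_risk(policy, admin))
    policy.local_acl_exceptions.append(({"10.0.0.5"}, {"https-admin"}, "accept"))
    print("lockout with exception:", lockout_risk(policy, admin))
```

Running `lockout_risk` against a proposed device-access change before applying it is the check that would have avoided the port 4444 lockout described in the thread: add the exception for the admin host first, then restrict the zone.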

  • Hello there. I'm not interested actually in ACL because it serves not much purpose. If ACL just works that way, then what is the use of firewall rules? Obviously firewall rules are more complicated than just ACL, so how do I make firewall rules take precedence over ACL?
