my network exposed

hello

today i tried to ipscan my network with a very larg range to check my network, the result shows there are many ranges that i am not aware of and they are not in my network, i ping them and i was able to run some ips in the browsers shows they are switches but not in my network, i took off my internet connection and they disappears which mean they are outside, i took my pc and plug it side by side with sophos and i was able to view my entire network. moreover, i made the rule to use only http and https protocols and still i am exposed, i cant ping anything inside my network but i can see them. how come i can scan my network and sophos let me go out side and the same to when i am outisde shows what is inside?

looking for your reply

Added TAGs
[edited by: Erick Jan at 11:27 AM (GMT -7) on 11 Sep 2023]

Top Replies

Erick Jan 10 days ago +1 verified

Hi Feras, Thank you for reaching out to Sophos Community. I would recommend reviewing your Firewall rules and ensuring you have properly placed a blocking rule or kindly check if there are any Allow…

Parents

+1 Erick Jan 10 days ago
Hi Feras,

Thank you for reaching out to Sophos Community.

I would recommend reviewing your Firewall rules and ensuring you have properly placed a blocking rule or kindly check if there are any Allow any rules that are causing any external access inside your network.

You may also check the Log viewer to troubleshoot the issue.

For best practice, kindly see the following KB

Sophos Firewall: Best practices
Erick Jan
Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Reject Answer

Cancel
0 Feras Alkhfajy 10 days ago in reply to Erick Jan

hello,

thank you for your reply, i have chose http/https protocol only and when i test my policy still i can see both sides, can you tell me what protocol is used in scanners?

regards
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 PhilippRusch 10 days ago in reply to Feras Alkhfajy

Hello,

can you show as a little diagram to understand from where you are scanning when say you "plug it side by side with sophos" ?

And what exactly do you mean by using "a large range" ?

Can you show us a sreenshot of your scanning results?

Mit freundlichem Gruß, best regards from Germany,

Philipp Rusch

New Vision GmbH, Germany
Sophos Silver-Partner

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 rfcat_vk 10 days ago in reply to Feras Alkhfajy

Hi,

I would suspect that you have an any zone, any source network, any destination zone etc firewall rule?

Ian

XG115W - v19.5.3 mr-3 - Home

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Feras Alkhfajy 10 days ago in reply to PhilippRusch

hello,

thank you for your reply, side by side means on the same switch with sophos as i have a range of public IPs i made a scan from outside my network including my network range and it showed my my PCs, names, mac address.

large range means i took a sample to scan from 192.168.0.0 to 192.168.250.250 just and actually my network is 192.168.8.*

i found our one rule was causing that issue but i couldnt figure out what protocol ip scanner use.

regards
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Feras Alkhfajy 10 days ago in reply to PhilippRusch

hello,

thank you for your reply, side by side means on the same switch with sophos as i have a range of public IPs i made a scan from outside my network including my network range and it showed my my PCs, names, mac address.

large range means i took a sample to scan from 192.168.0.0 to 192.168.250.250 just and actually my network is 192.168.8.*

i found our one rule was causing that issue but i couldnt figure out what protocol ip scanner use.

regards
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Erick Jan 10 days ago in reply to Feras Alkhfajy

Hi,

Are you referring to the following?

Given a range of IP addresses to scan, the network IP scanner conducts a sequential scan on each of the IPs using Internet Control Message Protocol (ICMP) ping sweeps or Simple Network Management Protocol (SNMP) scans to discover the network entities within the given constraints. Address Resolution Protocol (ARP) tables can also be used by the scanner for conducting neighbor scans or device rediscovery.

blogs.manageengine.com/.../the-what-why-and-how-of-using-network-ip-scanners-in-ip-centric-it-infrastructures.html

Erick Jan
Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel