
Firewall Subnets on LAN

I would like to get an opinion on firewalled subnets for security. This would be LAN subnets only. Subnet A is servers and subnet B is desktops. Subnets A and B have outbound internet access only. Subnet B (desktops) needs to access subnet A (servers). All computers on both subnets are firewalled, and only the ports needed are open on each computer. What would the advantage be to firewalling the subnets at the Sophos as well? For example, a rule that says any host on B can access SQL Server on port 1433 on subnet A, and another that says any host on B can access the DNS server on port 53 on subnet A.

The only advantage I see is that you are restricting, or steering, just the specific access needed to the respective server for its role. Without adding the firewall rule, the server is still firewalled. What would be considered best practice? Would it be to add the additional layer at the firewall?

Added TAGs
[edited by: Raphael Alganes at 5:33 AM (GMT -8) on 12 Feb 2024]
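As an added illustration (not part of the original post or of any Sophos configuration), the following Python models the two layers the question describes: the host firewall on each machine and the inter-VLAN rules on the Sophos, with default deny between subnet A and subnet B. The addresses, the extra RDP port left open on the SQL host, and the server whose host firewall has been disabled are assumptions chosen to show where the two layers differ; internet-bound traffic is left out.

```python
"""Added example, not from the original post: model host firewalls and the
Sophos inter-VLAN rule base side by side and list the flows that only the
network layer stops. Addresses, the RDP port on the SQL host and the host with
its firewall disabled are assumptions made for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Tuple

IPv4Network = ipaddress.IPv4Network

SUBNET_A = ipaddress.ip_network("10.0.10.0/24")   # servers  (assumed addressing)
SUBNET_B = ipaddress.ip_network("10.0.20.0/24")   # desktops (assumed addressing)
SQL_SERVER = "10.0.10.5"                          # assumed
DNS_SERVER = "10.0.10.2"                          # assumed
FILE_SERVER = "10.0.10.9"                         # assumed


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    """One allow rule on the Sophos; the policy between VLANs is default deny."""
    src: IPv4Network
    dst: IPv4Network
    proto: str
    dport: int

    def matches(self, flow: Flow) -> bool:
        return (ipaddress.ip_address(flow.src) in self.src
                and ipaddress.ip_address(flow.dst) in self.dst
                and flow.proto == self.proto
                and flow.dport == self.dport)


def host(ip: str) -> IPv4Network:
    return ipaddress.ip_network(ip + "/32")


# The two rules from the post (DNS on both UDP and TCP 53).
NETWORK_RULES = [
    Rule(SUBNET_B, host(SQL_SERVER), "tcp", 1433),
    Rule(SUBNET_B, host(DNS_SERVER), "udp", 53),
    Rule(SUBNET_B, host(DNS_SERVER), "tcp", 53),
]

# Per-host firewall: (proto, port) pairs each host accepts from any source.
# None models a host whose local firewall has been switched off entirely.
HOST_ALLOWED: dict = {
    SQL_SERVER: {("tcp", 1433), ("tcp", 3389)},   # RDP left open for admins (assumed)
    DNS_SERVER: {("udp", 53), ("tcp", 53)},
    FILE_SERVER: None,                            # host firewall disabled (assumed)
}


def crosses_firewall(flow: Flow) -> bool:
    """Only routed (inter-VLAN) traffic passes the Sophos; traffic inside one
    subnet is switched and never reaches the network rule base."""
    s, d = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    return not any(s in net and d in net for net in (SUBNET_A, SUBNET_B))


def network_allows(flow: Flow) -> bool:
    return any(rule.matches(flow) for rule in NETWORK_RULES)


def host_allows(flow: Flow) -> bool:
    allowed = HOST_ALLOWED.get(flow.dst, frozenset())   # unknown host: nothing open
    return allowed is None or (flow.proto, flow.dport) in allowed


def decide(flow: Flow) -> Tuple[str, str]:
    """Return (verdict, deciding layer) after passing a flow through both layers."""
    if crosses_firewall(flow) and not network_allows(flow):
        return ("deny", "network")
    if not host_allows(flow):
        return ("deny", "host")
    return ("allow", "both" if crosses_firewall(flow) else "host-only")


def stopped_only_by_network(flows) -> list:
    """Flows the host firewall would accept but the Sophos rules block: the
    concrete gain from adding the second layer."""
    return [f for f in flows if host_allows(f) and decide(f) == ("deny", "network")]


if __name__ == "__main__":
    sample = [
        Flow("10.0.20.15", SQL_SERVER, "tcp", 1433),   # desktop -> SQL, intended
        Flow("10.0.20.15", SQL_SERVER, "tcp", 3389),   # desktop -> SQL over RDP, not intended
        Flow("10.0.20.15", FILE_SERVER, "tcp", 445),   # desktop -> host with no firewall
        Flow(SQL_SERVER, "10.0.20.15", "tcp", 445),    # server -> desktop, not permitted
        Flow("10.0.10.7", SQL_SERVER, "tcp", 3389),    # server -> server, same VLAN
    ]
    for f in sample:
        print(f, decide(f))
    print("stopped only by the network layer:", stopped_only_by_network(sample))
```

Running it shows the desktop-to-SQL 1433 and DNS flows allowed by both layers, while the RDP and SMB flows that the host firewalls would accept are stopped only by the Sophos rule. The same-subnet server-to-server flow never reaches the network firewall, so there the host firewall remains the only control; the perimeter rules add a second, independently administered check for cross-subnet traffic, which is the layer that still holds when a host firewall is loosened or disabled.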