Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Internet IPv4 Predefined Host Errors, Suggestions

There are some errors in the predefined "Internet IPv4..." hosts. This list is the clearly wrong ones imho.

  1. Internet IPv4 (129-169) should be "(128-169)"
  2. Internet IPv4 (191-191.1) seems completely mislabeled, and likely incorrectly defined altogether.
  3. Internet IPv4 (192-192.0) has the range start at 192.0.1.1, but should be 192.0.1.0.
  4. Internet IPv4 (203.0-223) has the range start at 203.0.114.1, but should be 203.0.114.0

Questions/Suggestions.

  1. A consistent naming would be helpful, the first subnet in the name should be up to the last non-zero and second should be up to the last non 255. (i.e. "Internet IPv4 (192-192.88)" would be "Internet IPv4 (192.0.3-192.88.98)"
  2. I feel like Internet IPv4 (191.0.1 is a mistake, I did find someone who claimed 191.0.2-192.0.2.255 was reserved for documentation but I believe the correct would be 192.0.2.0/24. This would eliminate "Internet IPv4 (191-191.1)" and I would modify Internet IPv4 (172-191) to be 172.32.0.0-191.255.255.255. If I'm wrong about 191.0.2.0, could someone help me out with that?
  3. Having a list of BOGONS would be nice in the default config.

The foundation for my suggestions to subnet changes are based on this: Reserved IP addresses - Wikipedia

Suggestion #1 shown:

  1. Internet IPv4 (1-9)
  2. Internet IPv4 (11-126)
  3. Internet IPv4 (128-169.253)
  4. Internet IPv4 (169.255-172.15)
  5. Internet IPv4 (172.32-191)
  6. Internet IPv4 (192.0.1-192.0.1) or Internet IPv4 (192.0.1)
  7. Internet IPv4 (192.0.3-192.88.98)
  8. Internet IPv4 (192.88.100-192.167)
  9. Internet IPv4 (192.169-198.17)
  10. Internet IPv4 (198.20-198.51.99)
  11. Internet IPv4 (198.51.101-203.0.112)
  12. Internet IPv4 (203.0.114-223)

Hopefully I didn't make any mistakes.



This thread was automatically locked due to age.
  • Hi  Thank you for reaching out to the Sophos community team. Your feedback and suggestions are greatly appreciated. Those default "Internet IPv4 Predefined Host part of Internet IPv4 group" are editable so you may rename it as required. However, as you want to change those by default on the product side itself this will be considered as a feature request.

    You can use the in-product feedback in the Sophos Firewall located in the Top Menu Bar.



    OR You can also log a support case to raise a feature request which you can track it later with your channel account manager/local sales presentative or TAM.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'Verify Answer' link.

  • Hello. Thanks for your response. It makes sense that suggestions would go to feature request. I also listed a few errors in the current version of it as well. Am I wrong about those errors?

  • We will adjust some of those objects in the next version (V20.0 MR1). Stay tuned. 

    __________________________________________________________________________________________________________________