
Changing Default IP address & Configuring Management Port

Hi, 

I am new to the Sophos firewall world. Yesterday, I discovered that my firewall is still accessible using the default IP address that was assigned for initial configuration. I have discovered that Port 1 has this IP, but there is no Ethernet cable plugged in, so basically it is not active. I took a step and changed its IP address; however, some of the firewall rules stopped working and we lost access to the firewall as well as other services, which is kind of weird. I saw that Port1 is part of a zone, however it is not a VLAN or part of a bridge. Will that be the issue? If I remove it from the zone and change the IP address, would that be OK? 

Also, I want to set an IP address on the management port and make it active now, but I am afraid that if I do so it is going to ruin my flow as well. Should I add the port to an existing zone or create a new one?

Thank you 



  • Essentially this sounds like ARP FLUX. https://shradha741.medium.com/the-arp-flux-problem-3a4c92157f79

    SFOS will respond to ARP requests for "every interface" within itself. So to speak: if you are connected to Port2 and send an ARP request for 172.16.16.16, the firewall will answer. 

    We will essentially fix this in the future, if you do not want this. 

    But usually a client is not requesting such IPs all the time. 

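As an added example (not code from the thread or from Sophos), here is a small Python model of the behaviour described above plus a check a defender can run over ARP replies captured on a client segment. The interface subnets, the firewall MAC and the sample replies are constructed assumptions; only the 172.16.16.16 default address comes from the thread.

```python
import ipaddress
from dataclasses import dataclass

# Constructed interface table (assumption, not a real SFOS configuration).
INTERFACES = {
    "Port1": ipaddress.ip_network("172.16.16.0/24"),    # unplugged port still holding the default IP
    "Port2": ipaddress.ip_network("192.168.10.0/24"),   # the LAN port clients are actually on
}
FIREWALL_MAC = "00:11:22:33:44:55"  # constructed


def answers_arp(interfaces, request_iface, target_ip, per_interface_only):
    """Model whether the firewall replies to an ARP request.

    per_interface_only=False reproduces the 'ARP flux' behaviour from the thread:
    any locally configured IP is answered on any interface. True is the strict
    behaviour where an interface only answers for its own subnet's address.
    """
    target = ipaddress.ip_address(target_ip)
    if per_interface_only:
        return target in interfaces[request_iface]
    return any(target in net for net in interfaces.values())


@dataclass(frozen=True)
class ArpReply:
    seen_on: str      # interface / segment the reply was captured on
    sender_ip: str
    sender_mac: str


def find_flux(replies, interfaces):
    """Return replies whose sender IP is outside the subnet of the segment it was seen on.

    A single MAC answering for addresses from another subnet is the signature of ARP flux
    and tells you an unplugged or forgotten interface IP is still reachable from this segment.
    """
    return [r for r in replies
            if ipaddress.ip_address(r.sender_ip) not in interfaces[r.seen_on]]


# Constructed sample capture from a client on Port2.
SAMPLE_REPLIES = [
    ArpReply("Port2", "192.168.10.1", FIREWALL_MAC),      # normal: Port2's own address
    ArpReply("Port2", "172.16.16.16", FIREWALL_MAC),      # flux: Port1's default IP answered on Port2
    ArpReply("Port2", "192.168.10.50", "aa:bb:cc:dd:ee:01"),  # an ordinary host
]

if __name__ == "__main__":
    for r in find_flux(SAMPLE_REPLIES, INTERFACES):
        print(f"ARP flux: {r.sender_mac} answered for {r.sender_ip} on {r.seen_on}")
```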

  • But isn't having the default IP configured considered a security breach? 

  • If a firewall is reachable via LAN (172.16.16.16) nothing will happen in this stage. It is just the reachable part. You should look into hardening your firewall:  Hardening Your Sophos Firewall 

    But essentially it is not a security breach if your firewall is reachable. It is the same level of reachability as when you check your default gateway and then try to access the default gateway. 


  • Alright, thank you. I am also wondering: even if the port is not active and not plugged in, does it still cause the ARP flux? Also, would it be OK to configure the management port now, or will this also cause any disruption? Should I create a completely different zone for it and allow a LAN rule connection to it, or should I include it in the LAN zone? Sorry for asking a lot. I am still new to the system and it is already preconfigured.

  • You can configure an Interface with another IP, it should not be the same Network Subnet, but any kind of other interface subnet is totally fine. 
