This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall rules and policy

Hi, I am wanting to block the IOT network (xxx.xxx.5.xx/24) from pinging the default gateway of other networks so created a firewall rule to do so however when testing, devices in the IOT network are still able to ping the default gateway of other networks. I have also used the policy tester to test this and it is not picking up the firewall rule.

I have tried putting the firewall rule at the very top to make sure that it would pick it up.

I have attached images of the firewall policy created. Any help would be much appreciated.

This thread was automatically locked due to age.

Top Replies

PhilippRusch 5 months ago in reply to emmosophos +1

This is meant here:

Parents

0 emmosophos 5 months ago

Hello there,

Thank you for contacting the Sophos Community.

I recommend that you create a separate zone for the IOT devices instead of using Source Zone Any and disable PING from the ACL for this new zone.

ACL has precedence over the Firewall Rules.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 PhilippRusch 5 months ago in reply to emmosophos

This is meant here:

Mit freundlichem Gruß, best regards from Germany,

Philipp Rusch

New Vision GmbH, Germany
Sophos Silver-Partner

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up +1 Vote Down

Cancel
0 Charlie Dodd 5 months ago in reply to PhilippRusch

Ok thank you. By doing that will that disable pings altogether on that network? For example, would the LAN Zone still be able to ping devices in the IOT network if that setting is disabled?
Cancel
Vote Up 0 Vote Down

Cancel
0 Prism 5 months ago in reply to Charlie Dodd

Charlie Dodd said:
Ok thank you. By doing that will that disable pings altogether on that network? For example, would the LAN Zone still be able to ping devices in the IOT network if that setting is disabled?

It will only disable ping to the Firewall, It won't affect the devices within that zone.

If a post solves your question use the 'Verify Answer' button.

Ryzen 5600U + I226-V (KVM) v21 GA @ Home

Sophos ZTNA (KVM) @ Home
Cancel
Vote Up +1 Vote Down

Cancel

Reply

0 Prism 5 months ago in reply to Charlie Dodd

Charlie Dodd said:
Ok thank you. By doing that will that disable pings altogether on that network? For example, would the LAN Zone still be able to ping devices in the IOT network if that setting is disabled?

It will only disable ping to the Firewall, It won't affect the devices within that zone.

If a post solves your question use the 'Verify Answer' button.

Ryzen 5600U + I226-V (KVM) v21 GA @ Home

Sophos ZTNA (KVM) @ Home
Cancel
Vote Up +1 Vote Down

Cancel

Children

0 Charlie Dodd 5 months ago in reply to Prism

Ok thank you. I will give this a go
Cancel
Vote Up 0 Vote Down

Cancel