Hi,
I’m using a third-party threat feed with Sophos and am under the impression that it should provide WAN to LAN protection. However, I’ve conducted a test and observed unexpected behavior.
Here’s what I did:
- Created a custom text file list containing IP addresses and published it.
- Imported the list into the threat feed and set it to "Block" and "Top" priority.
- Despite this configuration, I can still connect to resources published to the WAN (via DNAT) from an IP address in the blocked list.
Notable observations:
- The block works for the admin portal of the firewall but not for other resources.
- My setup involves natted public IPs (e.g., WAN IP: 10.43.12.4/30, NATed range: 192.168.100.0/26).
Questions:
- Does the third-party threat feed block apply to WAN to LAN traffic, or is there a limitation due to DNAT?
- Could the NATed public IP setup be affecting this behavior?
Any insights or advice on this matter would be appreciated.
Thank you.
Added TAGs
[edited by: Raphael Alganes at 2:17 PM (GMT -8) on 20 Nov 2024]