Firewall rules and policies - ignoring more specific rules

Hello guys.

We have a Sophos XG330 (SFOS 20.0.1 MR-1-Build342) in the company.

I might not be the best network engineer in the industry, but as far as I know a firewall should work like this:

- Read the rules from top to bottom, and if there is a matching rule, apply it and stop.

We had some rules on the firewall before, but they weren't very specific, mostly of the any/any kind.

So I tried to create something like this:

- Reject
- Source zone: prod
- Source network and device: PC
- Destination zone: WAN
- Destination network: any
- Services: any

This one is for a specific PC to not have access to the internet.

Then I wanted to create exceptions for this PC for Windows Update and our AV.

- Accept
- Source zone: prod
- Source network and device: PC
- Destination zone: WAN
- Destination network: list of FQDNs and IPs for the exact service
- Services: all ports needed, or I also tried ANY

I put the accept rule above the reject one, but somehow it's ignored. In the log viewer I can't see even one record that uses the accept rule.

And I don't really understand why. If in the reject rule I make an exception that looks the same as the accept one, it works. I assume the firewall then just ignores this rule and searches for the next one that matches, which is accept all. And in the log viewer I can see that it uses the general rule. Can anyone tell me what I'm doing wrong in this configuration? Or is it just some kind of bug? I want to make our network safer and I'm not able to because of these rules that won't work.

Thanks in advance

Hubert



Added TAGs
[edited by: Raphael Alganes at 2:17 PM (GMT -7) on 25 Mar 2025]
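The first-match evaluation the post describes, as an added illustration (this is not Sophos code and does not reproduce SFOS internals). It models the three rules from the post, a specific Accept for update/AV destinations above a Reject for the PC, with a general Accept-all at the bottom, and reports which rule a flow hits the way a log viewer would. The FQDN name `updates.example.invalid`, the documentation-range addresses and the DNS tables are all constructed; the assumption that a destination object built from an FQDN can only match traffic to addresses it has actually resolved is a general property of FQDN host objects, not a finding about this thread's configuration.

```python
"""First-match firewall rule evaluation (added illustration, not Sophos code)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = None  # ANY for a field means "no constraint"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                    # "accept" or "reject"
    src_zone: Optional[str]
    src_hosts: Optional[frozenset]  # host object names, ANY == all
    dst_zone: Optional[str]
    dst_objects: tuple             # IPs, networks or FQDNs; () == any
    services: Optional[frozenset]  # destination ports, ANY == all


@dataclass(frozen=True)
class Flow:
    src_zone: str
    src_host: str
    dst_zone: str
    dst_ip: str
    dst_port: int


def resolve(objects, dns):
    """Expand destination objects into networks. An FQDN object contributes
    only the addresses the (constructed) dns table currently holds for it."""
    nets = []
    for obj in objects:
        try:
            nets.append(ipaddress.ip_network(obj, strict=False))
        except ValueError:  # not an address or prefix: treat as an FQDN object
            nets.extend(ipaddress.ip_network(a) for a in dns.get(obj, ()))
    return nets


def matches(rule, flow, dns):
    """Every constrained field of the rule must match the flow."""
    if rule.src_zone is not ANY and rule.src_zone != flow.src_zone:
        return False
    if rule.src_hosts is not ANY and flow.src_host not in rule.src_hosts:
        return False
    if rule.dst_zone is not ANY and rule.dst_zone != flow.dst_zone:
        return False
    if rule.dst_objects:  # an empty tuple means "any destination"
        ip = ipaddress.ip_address(flow.dst_ip)
        if not any(ip in net for net in resolve(rule.dst_objects, dns)):
            return False
    if rule.services is not ANY and flow.dst_port not in rule.services:
        return False
    return True


def first_match(rules, flow, dns):
    """Top-to-bottom evaluation: the first matching rule decides the flow."""
    for rule in rules:
        if matches(rule, flow, dns):
            return rule.name, rule.action
    return "implicit-drop", "drop"


# Constructed rule set, in the order the post describes (Accept above Reject).
UPDATE_FQDN = "updates.example.invalid"  # placeholder, not a real host
RULES = (
    Rule("allow-updates-av", "accept", "prod", frozenset({"PC"}), "WAN",
         (UPDATE_FQDN, "203.0.113.10"), frozenset({80, 443})),
    Rule("block-pc-internet", "reject", "prod", frozenset({"PC"}), "WAN",
         (), ANY),
    Rule("allow-all", "accept", ANY, ANY, ANY, (), ANY),
)
# Constructed DNS views: what the firewall has resolved for the FQDN object.
DNS_RESOLVED = {UPDATE_FQDN: ("198.51.100.20",)}
DNS_STALE = {}  # the FQDN object has not resolved to anything yet

if __name__ == "__main__":
    to_update = Flow("prod", "PC", "WAN", "198.51.100.20", 443)
    to_other = Flow("prod", "PC", "WAN", "192.0.2.7", 443)
    print(first_match(RULES, to_update, DNS_RESOLVED))  # allow-updates-av
    print(first_match(RULES, to_other, DNS_RESOLVED))   # block-pc-internet
    print(first_match(RULES, to_update, DNS_STALE))     # block-pc-internet
```

Run stand-alone, the last line shows the edge case worth checking when a specific Accept never appears in the logs: with the same rule order, a flow to the update server falls through to the Reject as soon as the FQDN object has no resolved addresses, because a rule whose destination set is empty cannot match anything.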