Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • Locked Locked
  • Replies 2 replies
  • Subscribers 39 subscribers
  • Views 6415 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UDP pseudo-connection and Schedules

Slawski

I have noticed that UDP pseudo-connections are not dropped after a schedule for thier rule expires. I mean: I have a policy which is valid only for a specified amount of time per day and allows UDP traffic.


Is it a bug or design decision ?

I had to manually drop connection to effectively enforce firewall rule.



This thread was automatically locked due to age.
Parents

  • Hi Slawski,

    Greetings.

    As per the software architecture, XG Firewall follows a Top-Bottom approach to suffice the client's request.

    Now if you have created a Firewall Rule to ALLOW UDP traffic for a specific schedule in a day and then DROP the traffic for rest of the time, you will need to configure two rules.

    On top will be the scheduled Firewall Rule to allow UDP traffic, next exactly place below this rule will be the non-scheduled Firewall Rule to drop UDP traffic.

    PFA Screenshot:

    Hope that helps.

    Thanks

    Sachin Gurung

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • in reply to sachingurung

    I know that and I have a drop all rule below.

    I will try to explain my situation:

    I have a scheduled rule for UDP traffic. It allows UDP connections to a specified port range.There are some rules for different user groups below and then there is a drop all final rule.

    The problem is that connections made within allowed time are not automatically dropped after the schedule is over. On the other hand no new connection can be established outside of allowed times.

    Regards,
    Slawek

Reply
  • in reply to sachingurung

    I know that and I have a drop all rule below.

    I will try to explain my situation:

    I have a scheduled rule for UDP traffic. It allows UDP connections to a specified port range.There are some rules for different user groups below and then there is a drop all final rule.

    The problem is that connections made within allowed time are not automatically dropped after the schedule is over. On the other hand no new connection can be established outside of allowed times.

    Regards,
    Slawek

Children
No Data
Unfiltered HTML