Default inbound policy WAN - LAN to "drop"

Question

Hi 
 I am new to Sophos since I used Sonicwalls in the past. 
 The default policy consist only of a LAN -> WAN rule with "allow" action. 
 Is there a need to create a WAN -> LAN rule with "drop" on any service to be protected from WAN zone or does Sophos drop anything by default to any interface if not specifically allowed by rule - so WAN to LAN is already protected. 
 probably dumb question but I couldn't find an answer quickly for XG series 
 thx

lferrara · Accepted Answer

blublub, 
 create a Business Application rule. Have a look at this guide: 
 https://community.sophos.com/kb/en-US/122976 
 By default traffic is dropped if allowed rule is not created.

Default inbound policy WAN -> LAN to "drop"