Traffic is allowed out LAN-WAN when no LAN-WAN FW rules exist. i.e. Traffic goes out via Rule#0

To recreate this issue:

1. proceed through wizard but Skip to Finish

2. once the firewall has rebooted. connect a PC to the LAN and connect the WAN to a DHCP internet source.

3. try and browse out to the WAN from the LAN. you will find that traffic goes out to the internet even if there are no outbound rules. the packet capture shows traffic going via FW Rule #0 & NAt #0. There is only the default SMTP NAT rule in place.

i notice that the default deny rule #0 is greyed out in the firewall rules.

I am testing on an XG230 hardware appliance.

Matt

0 LuCar Toni over 5 years ago

There seems to be more than those 3 Rules in your firewall rule set?

Can you please share a screenshot of all rules?

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 MattyG over 5 years ago in reply to LuCar Toni

Here is the full ruleset which allows outbound access via rule #0.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Apurv Patel over 5 years ago in reply to MattyG

Hi MattyG,

Thanks for your feedback, I will send you PM for more details purpose.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
+1 Apurv Patel over 5 years ago in reply to Apurv Patel

Hi MattyG,

Thanks for the appliance access.

Your appliance 'Base Firewall' license expired since 'Sun 31 Dec 2017', due to that your traffic going to pass using firewall rule id 0.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Reject Answer

Cancel
0 MatthieuPares over 5 years ago in reply to Apurv Patel

base firewall expiration ??? it s strange issue ...

How can base firewall expire ? Trial ?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 JTBrunnerACS over 5 years ago in reply to MatthieuPares

Had this same issue with a Base Firewall expiring on an upgraded SG330, for some reason in your MySophos account you have to go in and register your firewall a second time after upgrading so the expiration gets set to some thing like 12/31/2999 or New Years Eve Y3K. Had to contact Support when I went to license our firewall it was griping about it being a trial license, surprised me too as my impression was the hardware was licensed forever, only the virtual or software appliances needed a base license.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel