Traffic is allowed out LAN-WAN when no LAN-WAN FW rules exist, i.e. traffic goes out via Rule #0.

To recreate this issue:

1. Proceed through the wizard but Skip to Finish.

2. Once the firewall has rebooted, connect a PC to the LAN and connect the WAN to a DHCP internet source.

3. Try to browse out to the WAN from the LAN. You will find that traffic goes out to the internet even if there are no outbound rules. The packet capture shows traffic going via FW Rule #0 & NAT #0. There is only the default SMTP NAT rule in place.

I notice that the default deny rule #0 is greyed out in the firewall rules.

I am testing on an XG230 hardware appliance.

Matt

  • Had this same issue with a Base Firewall expiring on an upgraded SG330. For some reason, in your MySophos account you have to go in and register your firewall a second time after upgrading so the expiration gets set to something like 12/31/2999, or New Year's Eve Y3K. Had to contact Support when I went to license our firewall; it was griping about it being a trial license. Surprised me too, as my impression was the hardware was licensed forever and only the virtual or software appliances needed a base license.