Business rule against new Firewall rule - feedback

In version v17, a business rule (DNAT or WAF) uses a different icon, and I really appreciated that because scrolling down can give you a straight view of how many DNAT or WAF rules were configured. I know that you can use filters, but I think that different icons help.

I suggest keeping the v17 icon and also differentiating the DNAT icon from the WAF icon. Leave the DNAT icon and, for WAF, create an icon with a firewall (or a server) and http/s on top to indicate that it is a WAF rule instead of DNAT.

What do other community users think about this?

  • Certain threads have been locked. We are able to reply as we are moderators.

    Regarding the scope of this thread, I took the entire v18 training course, and to be honest I am very happy with the feature they implemented and how.

    I hope that they will rethink how to create DNAT and WAF rules. Leaving the Wizard as in v17, with the corresponding fields, can do the trick.

  • Hello Luk,

    You're right, thank you for pointing that out.

    Emile

  • Are we locking threads with a marked answer? Seems to be what is happening now. Interesting...

    Edit: I was wrong. Only specific threads like Luk mentioned. Even more interesting...fire a little too hot maybe?? ;)

  • The above diagram is how the XG v18 works now. My comments are in black.

    Below is one of my possible ways to implement Firewall rules and DNAT.

    I would also suggest putting WAF and DNAT in the same window. People choose whether they want WAF or not.

  • Hi Luk,

    That to me would make way more sense than the current layout.  Your mockups above at least.  More logical flow in how we all think when setting these rules up.  

    Thanks,

    John

  • Hi,

    I think WAF is not given here because it only works on HTTP or HTTPS services, and a WAF rule can be created in the old style (17.5) without any NAT. Yesterday, I got an email from Sophos, and he shared a very clear explanation of why Sophos moved to this type of configuration and services. After reading his mail, I understand that Sophos is planning to move towards more SD-WAN and flexibility for traffic engineering.

    I am a big fan of Cisco due to its documents and flexibility in traffic engineering. You can do the same task in multiple ways, and now Sophos is also moving in this direction. I like it. It may cause some difficulty for a month, but it is a big change.

    Thanks,

    Deepak Kumar

    Sophos XG & Central Architect 

  • Thanks for your input deepakkhw.

    I know that WAF is not the same, but since the WAF template is now under the action drop-down menu (which does not make sense), the WAF option or section can be moved somewhere else.

    I took the XG v18 beta course suggested by PMPath and I said, the features in v18 are great but the DNAT rule creation is not "Security made simple".

    I am sure they will consider our feedback and change something. It is still a beta version. Creating and managing things from multiple sources is a great feature and way to do things. I am thinking about how web filtering has been implemented on XG. With web filtering (apart from the engine, which is still not catching some URL categories), the Web filtering unit devs did a great job. I love it. Configuring web filtering in XG is simpler and better than in UTM9. This is my opinion, and some system admins I know have told me the same.