I'm not sure if this is expected behavior but it seems a bit odd to me. If I create a firewall rule with the 'Services' set to 'Any' and subsequently select some options under 'Scan email content' such as 'Scan POP3' (this applies to any of the options), there's a small text dialog that says "Common ports missing from Services for POP3". If I click 'Add Ports', it will add 'POP3' to 'Services' thus removing 'Any'.
It would seem if I already have services set to 'Any', I shouldn't be getting the small text dialog prompting me to add POP3 ports.
I agree. I just ran into this problem myself. Managed to remove internet access from some computers because I didn't notice that Any was removed when I clicked the link to see what it would do. Any should be seen as a valid service when enabling the "Scan email content" options.
Regards,
William
Hi Guys,
You seem to misunderstand that you want mail scanning enabled and to do so requires specific ports which XG tries to add by default. Using ANY in a mail scanning firewall rule is not really applying security.
ian
XG115W - v19.5 GA - Home
Test machine - Asus P10S-i E3-1225v5, 6gb, 4 intel NICs, v19.5 GA
If a post solves your question please use the 'Verify Answer' button.
I agree with Ian.
This is the expected behaviour. I really like the option that if the user is not an expert, a message will be shown to add the proper ports in the services.
I guess that after the v18 official release, a proper KB on "how to scan IMAP/POP/SMTP" will be created. At the moment, the only KB available works for v16+.
https://community.sophos.com/kb/en-us/123274
In v18, the email client scanning firewall rule has been changed.
I really like this version of the firewall. And I like the option, but sometimes even an expert (no matter how perfect you are) can be in a hurry and a simple mistake can bring a network to a halt. Having the firewall show that message is great and I don't want that to change. But in my opinion, I think that any should be seen as valid.
I did some testing and it seems to only be the Any service/port that it overwrites and ignores as being a valid service/port. If I have http and https, then it adds the new ports without overwriting the existing services/ports. If some of the ports are already there, then it only adds the ones that are missing.
Is it really difficult to say any is valid for the email ports?
I agree with that.
As an improvement, when the email scanning checkboxes are selected, the UI should remove everything from the services and leave only "SMTP/S, POP3/S and so on".
Can someone from Sophos take a look at this thread and report the improvement?
Thanks