Help us enhance your Sophos Community experience. Share your thoughts in our Sophos Community survey.

Thread Info
  • State Not Answered
  • Replies 2 replies
  • Subscribers 0 subscribers
  • Views 758 views
  • Users 0 members are here
Options
Suggested

[Feature] Split with choice of "Only ..." and "All but the following networks/hosts"

BAlfson
Noodles156 described in https://community.sophos.com/products/unified-threat-management/astaroorg/f/62/t/57314 how he used 32 network definitions to send all traffic therough the RED tunnel except that destined for their VoIP provider.

When "Split" is chosen, a second dropdown menu with the choices "Only the following networks/hosts" and "All but the following networks/hosts" could appear.  I assume you're just writing routes, and this would allow a simper configuration file in such cases.

Cheers - Bob
  • 0
    Yes, Treskaan, that was where I got the idea, but that thread speaks about different types of Network objects.

    There is a feature suggestion to have a Network Type of "Exception" like '72.0.0.0/8 Except 72.72.72.0/24'.  That was being considered when the new "Range" definition was created, so I suppose that it wasn't done because of some technical concern related to how IPtables works and because, in most cases, it's easy to make two Firewall rules or two NAT rules, etc.

    The problems arise in VPNs.  My point with this suggestion is that the "except" should be in VPN definitions, not in Network object definitions.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML