Strange VLAN Routing Issue

Hi All - 

I have an issue that I'm hoping will be simple.

I have 2 VLANs and I'm able to ping and view devices on the 2nd VLAN without specifically allowing the traffic with a firewall rule.  How is this possible?  If I run a traceroute from the first VLAN to the 2nd, I can see that the traffic is hitting the UTM interface first, and I only have layer 2 switches in use.  What am I missing?

I even set up a deny rule and moved it to the top of the list, and traffic is still allowed.

  • Hi.

    Without knowing your infrastructure in detail. 

    Please have a look at your configuration at "Network Protection -> Firewall -> ICMP". This could be activated there.

    Sophos Gold Partner
    4TISO GmbH, Germany
    If a post solves your question click the 'Verify Answer' link.
  • Possibly you globally allow ICMP?
    Please check Network Protection / Firewall / ICMP.
    Post the setting if you are unsure...


    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
