Sophos UTM Question

I have the home edition of the Sophos UTM appliance and it acts as a default gateway/firewall for my network. I have it residing in a virtual machine with three interfaces (all security concerns of running it in my VM environment aside).

* eth0 - VLAN 15 - Raw Internet coming from my cable modem
* eth1 - VLAN 2 - Internal network for my PCs, file server, etc - 10.0.13.7
* eth2 - VLAN 3 - DMZ mainly for testing/Internet only access - https://19216811.cam/

The virtual environment is connected through a Nortel 5520 switch, and all connectivity works properly... except that the UTM allows traffic to flow between the "DMZ" network and the "Internal network" even though there is a firewall rule to drop any traffic between these two networks. This happens virtual to virtual, physical to physical, and either way in between. The rule is at the top of the list and is enabled. I've tried digging through the interface to see where it might be allowing traffic, or if there were any hidden firewall rules, but no luck.

A traceroute shows that it is indeed crossing over the UTM to the DMZ network via 10.0.13.7.

Any ideas?



  • Hi and welcome to the UTM Community!

    Let's start by selecting 'Log traffic' in the 'Advanced' section of any firewall rule you think should be stopping or may be allowing this traffic.  If you then see nothing related in the firewall log, the traffic is being allowed before reaching the manual firewall rules.

    Refer to #2 and #2.1 in Rulz.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
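
The check described in the reply above, as an added example that is not part of the original thread: once 'Log traffic' is enabled, this script pulls the packet filter log entries that cross between eth1 (Internal) and eth2 (DMZ) and reports which rule handled them, or that nothing was logged. The key="value" field names (`sub`, `action`, `fwrule`, `initf`, `outitf`), the rule numbers and every address in the sample are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the key="value" style of a UTM packet filter log.
# Field names, rule numbers and all addresses here are assumptions.
SAMPLE_LOG = """\
2015:03:01-10:15:02 utm ulogd[4321]: sub="packetfilter" action="drop" fwrule="1" initf="eth2" outitf="eth1" srcip="192.0.2.20" dstip="198.51.100.7"
2015:03:01-10:15:03 utm ulogd[4321]: sub="packetfilter" action="drop" fwrule="1" initf="eth2" outitf="eth1" srcip="192.0.2.20" dstip="198.51.100.7"
2015:03:01-10:15:09 utm ulogd[4321]: sub="packetfilter" action="accept" fwrule="3" initf="eth1" outitf="eth2" srcip="198.51.100.7" dstip="192.0.2.20"
2015:03:01-10:15:11 utm ulogd[4321]: sub="packetfilter" action="accept" fwrule="5" initf="eth1" outitf="eth0" srcip="198.51.100.7" dstip="203.0.113.9"
"""

FIELD = re.compile(r'(\w+)="([^"]*)"')
BLOCKING = {"drop", "reject"}  # any other action is treated as allowing

def crossings(log_text, if_a="eth1", if_b="eth2"):
    """Yield parsed entries forwarded between if_a and if_b, either direction."""
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("sub") != "packetfilter":
            continue
        if {fields.get("initf"), fields.get("outitf")} == {if_a, if_b}:
            yield fields

def summarize(log_text, if_a="eth1", if_b="eth2"):
    """Count matching entries per (action, firewall rule id)."""
    return Counter((f.get("action", "?"), f.get("fwrule", "?"))
                   for f in crossings(log_text, if_a, if_b))

def verdict(counts):
    """Turn the counts into the conclusion the reply describes."""
    if not counts:
        return "nothing logged: traffic is allowed before the manual rules"
    allowing = sorted({rule for (action, rule) in counts if action not in BLOCKING})
    if allowing:
        return "allowed by logged rule(s): " + ", ".join(allowing)
    return "only drops logged: the manual rule is matching this traffic"

if __name__ == "__main__":
    counts = summarize(SAMPLE_LOG)
    for (action, rule), n in sorted(counts.items()):
        print(f"{action:7} fwrule={rule} x{n}")
    print(verdict(counts))
```

Run it against a log excerpt captured while repeating the traceroute from the original post, so the entries correspond to the traffic in question.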