
Inter VLAN communication

Hello,

I have a somewhat unusual situation with my Sophos... up until a few days ago everything was working as expected, but we had a power failure that resulted in the firewall shutting down (not gracefully). Since it's been rebooted, all the VLANs seem to be able to communicate with each other (I am able to navigate via web browsing from, say, VLAN 5 to VLAN 100) whereas they were previously dropped. Just for testing purposes, I added two rules to reject traffic from VLAN 5 to VLAN 100 and added logging, but when I navigate to the web page, it continues to work and nothing is logged.

It seems as though it's working because of Web Filtering, but I'm confused as to how everything was working before the power outage but failing now.

Has anyone run into something like this before?

Thanks.



  • Take a look at the last post here - https://community.sophos.com/products/unified-threat-management/f/web-protection-web-filtering-application-visibility-control/46405/web-filter-profiles-enable-vlans-to-pass-http-https-data

    The way I understand it, unless you explicitly *exclude* VLANs in the skip list, it is allowed because the traffic is handled by the web proxy and not by the firewall (packet filter).

    By adding all the VLANs to the skip list under the "Skip Transparent Mode Destination Hosts/Nets" box, you force all local HTTP(S) traffic going to VLANs to skip the web proxy and instead move on to the firewall. This traffic gets blocked if there are no rules permitting inter-VLAN HTTP access in the firewall.

    I hope this makes sense. I just tested this out myself. I have several IoT devices on VLAN 3 that have internal web servers for configuration. I could no longer access these devices after adding VLAN 3 to the skip list. I created a firewall rule to allow web browsing traffic between the local LAN (VLAN 1) and VLAN 3, then it worked.
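The processing order the reply describes (transparent web proxy first, packet filter only for what the proxy does not claim) is what makes the original poster's reject rules silent: the flow never reaches the packet filter, so there is nothing to log. The following is an added model of that order, written for this page and not code from Sophos or from either poster. The subnet addresses, the representative host per VLAN, the `proxy_allowed_networks` field and the first-match rule semantics are assumptions made for the demo. Beyond the single VLAN 5 to VLAN 100 case in the thread, `audit_proxy_bypass` walks every VLAN pair and reports where web traffic only gets through because the proxy handles it, which is the check you would want before and after filling in the skip list.

```python
"""Model of the UTM packet path described in the thread: the transparent web
proxy claims HTTP/HTTPS flows before the packet filter sees them, unless the
destination is on "Skip Transparent Mode Destination Hosts/Nets".

Constructed illustration for this page; not Sophos UTM code.
"""
from dataclasses import dataclass, replace
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import FrozenSet, Iterable, List, Tuple

# Ports the transparent web proxy intercepts (HTTP and HTTPS).
PROXY_PORTS: FrozenSet[int] = frozenset({80, 443})


@dataclass(frozen=True)
class FirewallRule:
    src: IPv4Network
    dst: IPv4Network
    dports: FrozenSet[int]   # empty set means "any port"
    action: str              # "allow" or "drop"


@dataclass(frozen=True)
class UtmModel:
    proxy_enabled: bool
    proxy_allowed_networks: Tuple[IPv4Network, ...]  # networks the proxy serves (assumed field)
    skip_destinations: Tuple[IPv4Network, ...]       # the skip list from the thread
    rules: Tuple[FirewallRule, ...]                  # packet-filter rules, first match wins (assumed)


def _in_any(addr: IPv4Address, nets: Iterable[IPv4Network]) -> bool:
    return any(addr in n for n in nets)


def classify_flow(model: UtmModel, src: str, dst: str, dport: int) -> str:
    """Return where a TCP flow ends up: 'proxy', 'allow' or 'drop'.

    The proxy takes HTTP/HTTPS from its allowed networks first, unless the
    destination is on the skip list; only then do the packet-filter rules run,
    and no match means the implicit default drop.
    """
    s, d = ip_address(src), ip_address(dst)
    if (model.proxy_enabled and dport in PROXY_PORTS
            and _in_any(s, model.proxy_allowed_networks)
            and not _in_any(d, model.skip_destinations)):
        return "proxy"
    for rule in model.rules:
        if s in rule.src and d in rule.dst and (not rule.dports or dport in rule.dports):
            return rule.action
    return "drop"


def audit_proxy_bypass(model: UtmModel, vlans: Iterable[IPv4Network]) -> List[Tuple[str, str, int]]:
    """List (src_vlan, dst_vlan, port) where web traffic crosses VLANs only
    because the proxy handles it, i.e. the packet filter alone would drop it."""
    vlans = tuple(vlans)
    no_proxy = replace(model, proxy_enabled=False)
    findings = []
    for sv in vlans:
        for dv in vlans:
            if sv == dv:
                continue
            src = str(sv.network_address + 10)   # representative host in each VLAN (assumed)
            dst = str(dv.network_address + 10)
            for port in sorted(PROXY_PORTS):
                if (classify_flow(model, src, dst, port) == "proxy"
                        and classify_flow(no_proxy, src, dst, port) == "drop"):
                    findings.append((str(sv), str(dv), port))
    return findings


def with_skip_list(model: UtmModel, vlans: Iterable[IPv4Network]) -> UtmModel:
    """The fix from the thread: put every local VLAN on the skip list."""
    return replace(model, skip_destinations=tuple(vlans))


# Constructed addressing for the VLANs named in the thread.
VLAN1, VLAN3, VLAN5, VLAN100 = (ip_network(n) for n in
                                ("10.1.0.0/24", "10.3.0.0/24", "10.5.0.0/24", "10.100.0.0/24"))
ALL_VLANS = (VLAN1, VLAN3, VLAN5, VLAN100)

BEFORE = UtmModel(
    proxy_enabled=True,
    proxy_allowed_networks=ALL_VLANS,
    skip_destinations=(),                       # empty, as in the original poster's setup
    rules=(
        # the poster's test rule: reject VLAN 5 -> VLAN 100 (never matched, so never logged)
        FirewallRule(VLAN5, VLAN100, frozenset(), "drop"),
        # the replier's rule: web browsing from VLAN 1 to the IoT devices on VLAN 3
        FirewallRule(VLAN1, VLAN3, frozenset({80, 443}), "allow"),
    ),
)
AFTER = with_skip_list(BEFORE, ALL_VLANS)

if __name__ == "__main__":
    print("VLAN5->VLAN100:80 before:", classify_flow(BEFORE, "10.5.0.10", "10.100.0.10", 80))
    print("VLAN5->VLAN100:80 after :", classify_flow(AFTER, "10.5.0.10", "10.100.0.10", 80))
    print("proxy bypasses before:", len(audit_proxy_bypass(BEFORE, ALL_VLANS)))
    print("proxy bypasses after :", audit_proxy_bypass(AFTER, ALL_VLANS))
```

Port 22 from VLAN 5 to VLAN 100 is dropped in both configurations, which is the quick way to tell the two situations apart on a real box: if non-web ports are blocked while a browser still gets through, the packet filter is fine and the proxy is doing the forwarding.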

  • I haven’t been able to test this yet but it does make sense. I’ll post results when possible. Thanks!
  • You might be interested in a document I maintain that I make available to members of the UTM Community, "Configure HTTP Proxy for a Network of Guests."  If you would like me to send you this document, PM me your email address. For our German-speaking members, I also maintain a version auf Deutsch initially translated by fellow member hallowach when he and I did a major revision in 2013.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA