Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 5 subscribers
  • Views 12605 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Filter Overrides the Firewall rules

Sop2000

Hi,

I am new to the Sophos UTM. Have been using Untangle, but just migrated into Sophos UTM and i really like what i seen so far. The only issue i have is:

I installed and configured (as far as i can tell) the Sophos UTM, but when i enable Web Filter, any host/network in the allowed list in the web filter, bypasses the Firewall rules and has access to the internet.

Is this behavior expected? At the moment I can either use the firewall to block/allow based on IP/Port etc but NOT URL, or use the Web Filter and filter on URLs but no the firewall rules. This does not seem right to me? 

In Untangle you can do both at the same time, but their firewall is bit basic for my liking.

Thank you in advance for any advise you can part to help me understand this.



This thread was automatically locked due to age.
Parents
  • 0

    Firewall rules are the last in hierarcy

  • 0 in reply to Ol Deda

    thank you oldeda. i thought that would be the case, thank you for confirming, however, what confuses me is why the firewall rules is bypassed when i enable the web filter?

    i know the firewall rules are correct, because if i disable the web filter they kick in and do as expected, but as soon as i enable the web filter, almost like the firewall side is turned off (although its still on)

    i am using LACP with 4 NICs in a bundle and VLANs. i wonder if that has anything to do with it? a bug or something...

  • 0 in reply to Sop2000

    The architecture is different than most firewslls.

    Read the Wiki articles, as theycontain information that is not in the manuals.

  • 0 in reply to DouglasFoster

    Thank you DouglasFoster.

    I read the https://community.sophos.com/products/unified-threat-management/w/utm-wiki/37/securing-and-configuring-web-filtering

    but now i am now more confused:(

    =====================

    This what the instructions reads:

    In most firewall products, Access Control Entries are used to evaluate source and destination together.  In UTM, any traffic handled by the proxies will bypass any firewall rules, so source-destination restrictions must be enforced in the proxy configuration.

    =====================

    So it seems, if you enable the Web Filter, any traffic dealt by the web filter is not sent to the firewall rules but rather sent directly out (that my understanding). If my understanding is correct, then i am back to square one and more importantly how you supposed to use both at the same time since they both used for different things?

  • 0 in reply to Sop2000

    Hi and welcome to the UTM Community!

    You will want to internalize #2 in Rulz.  Also see Doug Foster's take on some of this: READ ME FIRST: UTM Architecture.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to Sop2000

    Every new user endures this shock, unless they are configured and trained by an experienced consultant.   I think the architecture should be in the manual, with lots of cross-references to be sure it is not missed.   Since Sophos expects new installs to choose XG Firewall, the manual may not ever get rewritten.  

    Given the documentation gaps, I do not understand why the home use program is still offered.

  • 0 in reply to BAlfson


    Thank you BAlfson. I read both links, I must say i am surprised with the way Sophos designed their architecture, but i guess they have their reasons.

  • 0 in reply to DouglasFoster
    Thank you DouglasFoster, your comments combined with Balfson's shared links, I think its time to explore migrating into Sophos XG.
    I Wish I knew this from the start so would not have spent days reading and configuring UTM version and migrated directly into the XG version.
    Before I embark on this journey, do you think the XG has the same design limitations as UTM?
    Thank you again
Reply
  • 0 in reply to DouglasFoster
    Thank you DouglasFoster, your comments combined with Balfson's shared links, I think its time to explore migrating into Sophos XG.
    I Wish I knew this from the start so would not have spent days reading and configuring UTM version and migrated directly into the XG version.
    Before I embark on this journey, do you think the XG has the same design limitations as UTM?
    Thank you again
Children
Unfiltered HTML