
UTM-9 firewall rule implicit?

I am a beginner with Sophos.

I saw that on my company's Sophos there are some rules that allow and some that deny.

This confuses me: will traffic that does not fit an allow condition be denied, or will traffic that does not fit a deny condition be allowed???



  • There is an implicit deny, so if no allow rule matches, the traffic WILL be denied.  Despite this, I've heard of various reasons why you might want a deny rule, for example, auditors might want to see it there, or maybe you want to log denied traffic to/from networks on a specific firewall rule ID rather than to the typical 60001 & 60002 rules commonly seen in the packet filter log. 

    Tim 

  • Thanks for your help.

    I am confused. Let's say I have a few networks (192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24) connected to the UTM-9. Once they are connected with interface IPs, they should all be routable between each other.

    If I add a rule 192.168.1.0/24 -> allow http -> 192.168.2.0/24,

    then that means 192.168.1.0 can http to 192.168.2.0 only, but not the inverse,

    and no other protocol can go from 192.168.1.0/24 -> 192.168.2.0/24.

    how about 192.168.3.0/24 -> 192.168.2.0/24 ??

    192.168.3.0/24 -> 192.168.1.0/24 ?

  • Or..... am I misunderstanding?

    If nothing matches any rule....... all other routing will be denied......

  • Correct.  If no allow rule matches, the traffic is denied.  If you're using Web Protection though, HTTP and HTTPS access to/from networks would be controlled through web filtering, not through firewall rules.  

    Tim
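    The evaluation order Tim describes in both replies (ordered rules, first match wins, nothing matching falls through to the implicit deny, and an explicit deny rule only adds a rule ID of its own to the log) can be checked against the poster's four-network scenario with a small model. The following is an added example, not code from the thread or from Sophos: it models connection initiations only (a stateful firewall still passes the reply packets of an allowed connection, so "no inverse" means no *new* connections from 192.168.2.0/24, not that responses are dropped), and the rule numbers, the `implicit` label and the sample addresses are constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """One packet-filter rule: source net, destination net, service, action."""
    rule_id: int
    src: str            # CIDR of permitted/denied sources
    dst: str            # CIDR of destinations
    proto: str          # "tcp", "udp" or "any"
    dport: Optional[int]  # None = any destination port
    action: str         # "allow" or "deny"

    def matches(self, src_ip: str, dst_ip: str, proto: str, dport: int) -> bool:
        return (
            ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
            and self.proto in ("any", proto)
            and self.dport in (None, dport)
        )

def evaluate(rules, src_ip: str, dst_ip: str, proto: str, dport: int):
    """First-match evaluation with implicit deny.

    Returns (action, rule_id). rule_id is the matching rule's own id, or
    the constructed label "implicit" when no rule matched (the thread notes
    that the UTM logs such drops under its default ids rather than a rule
    the admin wrote).
    """
    for rule in rules:
        if rule.matches(src_ip, dst_ip, proto, dport):
            return rule.action, rule.rule_id
    return "deny", "implicit"

def demo_results():
    # Constructed rule set: the poster's single HTTP allow, plus an explicit
    # deny for the 192.168.3.0/24 network of the kind Tim mentions auditors
    # asking for. The explicit deny changes nothing about what is blocked,
    # only which rule id the drop is attributed to.
    rules = [
        Rule(1, "192.168.1.0/24", "192.168.2.0/24", "tcp", 80, "allow"),
        Rule(2, "192.168.3.0/24", "0.0.0.0/0", "any", None, "deny"),
    ]
    return {
        "http_1_to_2": evaluate(rules, "192.168.1.10", "192.168.2.20", "tcp", 80),
        "http_2_to_1": evaluate(rules, "192.168.2.20", "192.168.1.10", "tcp", 80),
        "ssh_1_to_2":  evaluate(rules, "192.168.1.10", "192.168.2.20", "tcp", 22),
        "http_3_to_2": evaluate(rules, "192.168.3.30", "192.168.2.20", "tcp", 80),
        "http_4_to_1": evaluate(rules, "192.168.4.40", "192.168.1.10", "tcp", 80),
    }

if __name__ == "__main__":
    for name, (action, rule_id) in demo_results().items():
        print(f"{name:12s} -> {action:5s} (rule {rule_id})")
```

    Only the 192.168.1.0/24 -> 192.168.2.0/24 HTTP initiation is allowed; the reverse direction, any other protocol between those two networks, and anything from 192.168.3.0/24 or 192.168.4.0/24 all end in a deny. The one difference the explicit rule 2 makes is that drops from 192.168.3.0/24 are attributed to rule 2 while the rest fall through to the implicit deny, which is exactly the logging distinction Tim describes.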

  • And, you also should study #2 in Rulz.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA