
Firewall rules not being applied to internal network

I have created a sample firewall rule at the very top which is:

Source: Internal network

Service: ping, ping6, Traceroute

Destination: External Network, Internal Network, specific devices I want to block from being accessed.

Action: block and log.

The issue: When I try to ping outside networks (Google DNS) with this rule enabled, the action times out, meaning the firewall is blocking that service and therefore the firewall rule is working. However, the firewall is allowing pings to any device in the internal network, even to devices I have specifically added as the destination.

Also, as you can see in my firewall rules, I have SSH and Telnet blocked; however, I was still able to use PuTTY to create a TCP dump, which didn't really tell me anything. Yet I was still able to log into the UTM using SSH even with a rule at the very top blocking it.

I looked at the Rulez post, and even went so far as to completely disable every option in the IPS, Webfilter, and Application Visibility; however, the issue persists. There must be something I'm overlooking? All the options under ICMP are unchecked as well.



  • Hi Alan,

    Traffic between devices in the same subnet never transits the UTM, so you can't block it.  The easiest would be to put the devices you don't want to be pingable into a DMZ so they're not in the same subnet as the "Internal (Network)."

    Cheers - Bob
    PS In the future, instead of linking to an external site, simply insert your images into the post. We can't know if that external site is properly protected. The only malware I've gotten in almost 15 years was from an external link to a picture in this Community in 2014.  Thanks in advance!

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
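To make Bob's point concrete, here is a small added model (not code from the thread or from Sophos) of the two decisions involved: first the sending host decides whether the destination is on its own subnet (delivered directly at layer 2) or must go via the default gateway, and only in the second case does the UTM ever evaluate its rule set. The addresses, the "Internal", "DMZ" and "External" networks, the gateway IPs and the implicit default-deny are all constructed assumptions; the rule itself mirrors the one described in the original post.

```python
import ipaddress
from typing import Dict, List

# Constructed topology (assumption, not from the thread): UTM interfaces.
INTERNAL = ipaddress.ip_network("192.168.1.0/24")
DMZ = ipaddress.ip_network("192.168.2.0/24")
EXTERNAL = ipaddress.ip_network("0.0.0.0/0")  # "Any" for this model
GATEWAY_INTERNAL = "192.168.1.1"

# The poster's rule, modelled: Internal -> External/Internal/specific host, ICMP, block.
RULES: List[Dict] = [
    {
        "src": [INTERNAL],
        "dst": [EXTERNAL, INTERNAL, ipaddress.ip_network("192.168.2.50/32")],
        "service": "icmp",
        "action": "block",
    },
]


def next_hop(src_ip: str, prefix_len: int, dst_ip: str, gateway: str) -> str:
    """Host-side forwarding decision.

    Returns "direct" when the destination is inside the host's own subnet
    (resolved by ARP and delivered at layer 2, so the gateway/UTM never sees it),
    otherwise the gateway address the packet is routed to.
    """
    iface = ipaddress.ip_interface(f"{src_ip}/{prefix_len}")
    if ipaddress.ip_address(dst_ip) in iface.network:
        return "direct"
    return gateway


def evaluate_rules(src_ip: str, dst_ip: str, service: str,
                   rules: List[Dict] = RULES) -> str:
    """First-match rule evaluation on the UTM for a routed packet.

    Assumption: anything no rule matches is dropped (implicit default-deny).
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if (any(src in n for n in rule["src"])
                and any(dst in n for n in rule["dst"])
                and rule["service"] == service):
            return rule["action"]
    return "drop"


def simulate_ping(src_ip: str, prefix_len: int, gateway: str, dst_ip: str) -> str:
    """Combine both decisions: does the ping reach the UTM, and what does it do?"""
    if next_hop(src_ip, prefix_len, dst_ip, gateway) == "direct":
        return "delivered on LAN (never reached the UTM)"
    action = evaluate_rules(src_ip, dst_ip, "icmp")
    return "blocked by UTM" if action in ("block", "drop") else "allowed by UTM"


if __name__ == "__main__":
    host = ("192.168.1.10", 24, GATEWAY_INTERNAL)
    # Internet target: routed via the UTM, rule matches -> blocked (what the poster saw).
    print("8.8.8.8       ->", simulate_ping(*host, "8.8.8.8"))
    # Same-subnet target: never crosses the UTM, rule cannot apply (what the poster saw).
    print("192.168.1.50  ->", simulate_ping(*host, "192.168.1.50"))
    # Same device after moving it into the DMZ: now routed, so the rule applies.
    print("192.168.2.50  ->", simulate_ping(*host, "192.168.2.50"))
```

The third case is Bob's suggested fix: once the protected device lives in a different subnet, every packet to it has to be routed through the UTM, and the rule gets a chance to match. Listing an internal host as a rule destination does nothing for traffic that never leaves the layer-2 segment.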