This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM, Network Protections, Rules -- Order does not count???

Does the order of Sophos UTM "Network Protection" firewall rules matter at all?!?!?!

On my sophos utm, the "Network Protection" firewall rules are as follows (summarizing)

Top Rule = deny PrivateIP#1... any protocol... to any external ip

(block PrivateIP#1 from reachign the internet)

<<<<<Additional Subsequent rules exist >>>>>

Rule#20 = permit all internal IPs... specfic protocol... to external ip address ranges

<<<<<Additional Subsequent rules exist >>>>>

Final Rule = Deny Any IP... any protocol... to any ip.

That said, I have logs indicating PrivateIP#1 is "allowed" on internet access via Rule#20 

In the world of Cisco: ACLs are applied in order with early rules "deny any any any" superceding any other rules that follow which contradict

This thread was automatically locked due to age.
  • Sure, the order is relevant.
    They are processed from top to bottom. "First match wins"
    Maybe the rule or host definition is not correct... or host is bound to a (wrong) interface, for example...


    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  •   The firewall (packet filter) is generally one of the last filters that get applied.  Read the link below for a brief primer on what proxies/filters get applied in what order. Specifically rule #2.