Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 5 subscribers
  • Views 964 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM, Network Protections, Rules -- Order does not count???

V M Smith

Does the order of Sophos UTM "Network Protection" firewall rules matter at all?!?!?!

On my sophos utm, the "Network Protection" firewall rules are as follows (summarizing)

Top Rule = deny PrivateIP#1... any protocol... to any external ip

(block PrivateIP#1 from reachign the internet)

<<<<<Additional Subsequent rules exist >>>>>

Rule#20 = permit all internal IPs... specfic protocol... to external ip address ranges

<<<<<Additional Subsequent rules exist >>>>>

Final Rule = Deny Any IP... any protocol... to any ip.

That said, I have logs indicating PrivateIP#1 is "allowed" on internet access via Rule#20 

In the world of Cisco: ACLs are applied in order with early rules "deny any any any" superceding any other rules that follow which contradict



This thread was automatically locked due to age.
  • 0

    Sure, the order is relevant.
    They are processed from top to bottom. "First match wins"
    Maybe the rule or host definition is not correct... or host is bound to a (wrong) interface, for example...


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0

      The firewall (packet filter) is generally one of the last filters that get applied.  Read the link below for a brief primer on what proxies/filters get applied in what order. Specifically rule #2.

    community.sophos.com/.../rulz

Unfiltered HTML