
Default Deny Not Blocking Traffic Across Interfaces?

I'm using the software version of Sophos Home UTM on my ESXi server and have three vNICs added. The connections are my WAN/Internal (192.168.1.0/24 router on this network), Lab (10.10.0.0/24), and Lab2 (172.16.1.0/24).

If I set a firewall rule to allow an Internal machine to any service and any destination, it completely ignores the Default Drop rule for the networks on the other vNICs.

Example:

Source - Internal machine - 192.168.1.2

Service - Any

Destination - Any

If I open up remote desktop on a machine on a different subnet, say 172.16.1.2, the above rule will allow the internal machine (192.168.1.2) to connect to port 3389 on 172.16.1.2, even without an explicit firewall rule allowing inbound 3389 on 172.16.1.2. Typically, this is supposed to fall to default deny because there isn't a rule allowing it.

Just because I allow an any/any outbound rule doesn't mean it should automatically allow any/any inbound on other vNICs.

Am I missing something here or is this just the way Sophos UTM does things? Do I need to explicitly deny inbound traffic to the other vNICs?
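As an added illustration (not code from the original post or from Sophos), the following minimal first-match rule evaluator reproduces the behaviour described above: a rule whose destination is "Any" also matches the lab subnets behind the other vNICs, so the RDP connection to 172.16.1.2 is allowed by the any/any rule before the default drop is ever reached. It assumes top-down first-match evaluation with an implicit final drop, and the "tighter" rule set is a hypothetical alternative, not something from the post.

```python
# Added example (not from the original post): a minimal first-match
# firewall rule evaluator using the subnets and ports from the thread.
# Assumes rules are checked top-down, first match wins, and anything
# unmatched falls to an implicit default drop.
import ipaddress

# Networks from the post.
INTERNAL = ipaddress.ip_network("192.168.1.0/24")
LAB = ipaddress.ip_network("10.10.0.0/24")
LAB2 = ipaddress.ip_network("172.16.1.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
ANY_PORT = None  # the "Any" service

def matches(rule, src, dst, dport):
    """A rule matches only when source, destination and service all match."""
    src_nets, dst_nets, ports, _action = rule
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (any(s in n for n in src_nets)
            and any(d in n for n in dst_nets)
            and (ports is ANY_PORT or dport in ports))

def evaluate(rules, src, dst, dport):
    """Return the action of the first matching rule, else the default drop."""
    for rule in rules:
        if matches(rule, src, dst, dport):
            return rule[3]
    return "drop"  # implicit default deny

# The poster's rule: Internal machine -> Any service -> Any destination.
# Note that "Any" (0.0.0.0/0) contains 172.16.1.0/24 and 10.10.0.0/24.
POSTERS_RULES = [
    ([ipaddress.ip_network("192.168.1.2/32")], [ANY], ANY_PORT, "allow"),
]

# Hypothetical tighter rule set (assumption, not from the post): an explicit
# drop from Internal to the lab subnets placed above the broad allow.
TIGHTER_RULES = [
    ([INTERNAL], [LAB, LAB2], ANY_PORT, "drop"),
    ([INTERNAL], [ANY], ANY_PORT, "allow"),
]

if __name__ == "__main__":
    # RDP from the Internal machine to the Lab2 host (constructed traffic).
    print(evaluate(POSTERS_RULES, "192.168.1.2", "172.16.1.2", 3389))  # allow
    print(evaluate(TIGHTER_RULES, "192.168.1.2", "172.16.1.2", 3389))  # drop
    # Outbound to a documentation-range Internet address is still allowed.
    print(evaluate(TIGHTER_RULES, "192.168.1.2", "203.0.113.10", 443))  # allow
```

The reverse direction (a Lab2 host connecting to the Internal machine) matches no rule in either set and falls to the default drop, which is the part of the default-deny behaviour the post expected.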


