
Can't block the firewall itself

Hi,

I am testing UTM 9 Home Edition.
I have a problem: I created a rule any to any block, and the firewall still goes to the Internet... After I had blocked any to any, I can still do traces and DNS lookups from Support > Tools.
How can I prevent the UTM (firewall) going to the Internet??
Like in Kerio or Checkpoint, there is a "firewall" object in addition to the WAN and LAN networks, and I can prevent the firewall going to the Internet or block some ports just for the "firewall".
I put Sophos behind another firewall, and I see that after I created the rule any to any block, the UTM still goes to the Internet, and I can access WebAdmin from the WAN...

Sophos UTM (as a firewall) always goes to the Internet. I can prevent hosts in the LAN, but I can't block the firewall itself going to the Internet...

Does someone know how I can prevent the firewall going to the Internet? And how can I see the states that are opened (states of the firewall itself)?

I don't want Sophos UTM automatically sending notifications to some SMTP service at deadmail.fw-notify.net.

How can I control what is going on? :)


Thanks



  • Hi, Ilya, and welcome to the UTM Community!

    You are using a free home-use license with the same program on every business UTM.  The only limitations are the number of connections, the number of IPs you can protect behind it, the ability to customize messages, etc.

    When you loaded this, the installation wizard asked you questions and, based on your responses, created firewall rules that allowed some traffic.  You also answered in such a fashion that Web Filtering was activated, resulting in invisible firewall rules used by the HTTP/S Proxy.  See #2 in Rulz to get a broader picture.

    If you're familiar with iptables, you can see the details of the invisible rules at the command line, but you'd be better off spending time learning WebAdmin.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
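    The original poster asked how to see which connection states the UTM host itself has opened. The following is an added example, not code from the thread or from Sophos: it parses connection-tracking entries in the `/proc/net/nf_conntrack` layout and keeps only the flows whose original direction starts from one of the firewall's own addresses, so self-originated traffic (such as an outbound SMTP notification) stands apart from forwarded LAN traffic. The firewall addresses and the sample entries are constructed for illustration; on a live Linux-based firewall the same function can be pointed at the real conntrack file.

```python
"""List conntrack flows that the firewall host itself originated.

Added example (not from the thread or Sophos). Parses lines in the
/proc/net/nf_conntrack layout and separates flows whose ORIGINAL direction
begins at one of the firewall's own addresses from flows it merely forwards.
"""
import os
import re
from collections import Counter

# Constructed: addresses assigned to the firewall's own interfaces (assumption).
FIREWALL_IPS = {"192.0.2.10", "10.0.0.1"}

# Constructed sample in /proc/net/nf_conntrack layout: the first two flows are
# originated by the firewall (SMTP, DNS), the last two are forwarded for LAN hosts.
SAMPLE_CONNTRACK = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.25 sport=43210 dport=25 src=198.51.100.25 dst=192.0.2.10 sport=25 dport=43210 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 29 src=192.0.2.10 dst=203.0.113.53 sport=51000 dport=53 src=203.0.113.53 dst=192.0.2.10 sport=53 dport=51000 mark=0 zone=0 use=2
ipv4     2 tcp      6 300 ESTABLISHED src=10.0.0.50 dst=198.51.100.80 sport=50001 dport=443 src=198.51.100.80 dst=192.0.2.10 sport=443 dport=50001 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 20 src=10.0.0.51 dst=203.0.113.53 sport=40000 dport=53 [UNREPLIED] src=203.0.113.53 dst=192.0.2.10 sport=53 dport=40000 mark=0 zone=0 use=1
"""

# Family, l3 number, protocol name, l4 number, timeout, optional TCP state,
# then the ORIGINAL-direction tuple. ICMP entries use type=/code= and are skipped.
LINE_RE = re.compile(
    r"^(?P<family>ipv[46])\s+\d+\s+(?P<proto>\w+)\s+\d+\s+\d+\s+"
    r"(?:(?P<state>[A-Z_]+)\s+)?"
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+sport=(?P<sport>\d+)\s+dport=(?P<dport>\d+)"
)


def parse_conntrack(text):
    """Return one dict per parseable line, describing the original direction."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
        d["state"] = d["state"] or "-"
        entries.append(d)
    return entries


def self_originated(entries, firewall_ips):
    """Flows whose original source is the firewall itself (not forwarded traffic)."""
    return [e for e in entries if e["src"] in firewall_ips]


def summarize(entries):
    """Count flows per (protocol, destination, destination port)."""
    return Counter((e["proto"], e["dst"], e["dport"]) for e in entries)


def load_conntrack(path="/proc/net/nf_conntrack"):
    """Read the live table when available, otherwise fall back to the sample."""
    if os.path.exists(path):
        with open(path) as fh:
            return fh.read()
    return SAMPLE_CONNTRACK


if __name__ == "__main__":
    own = self_originated(parse_conntrack(load_conntrack()), FIREWALL_IPS)
    print("Flows originated by the firewall host:")
    for (proto, dst, dport), n in sorted(summarize(own).items()):
        print(f"  {proto:4} -> {dst}:{dport}  ({n} flow(s))")
```

    Run as root on the firewall to see the live table; the destinations and ports it reports are the ones a host-outbound rule would need to allow or deny.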
  • Why would you want to block the firewall itself to internet? By this the firewall is able to download pattern-updates and keep itself up-to-date. If you don't trust the firewall then you shouldn't use it at all.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improving IT security and happy to help others with their IT security challenges.

  • The question is not "trust or don't trust"... How can I control all traffic from the firewall itself? When I create a rule on all interfaces, any to any block, ALL TRAFFIC should be blocked, also from the firewall itself. I decide which traffic is allowed. So what I see is that the firewall is still going to the Internet. Why don't I see any loopback traffic in the WAN log? I can see it just in the shell (iptables print); I don't see any entries in the Sophos logs for loopback traffic. So I removed the loopback interface and changed some other rules (from the command prompt), but this is not the way I think it should be. There should be a "firewall" object/host built in to the UTM, and after installation it should be blocked.

  • It should not be "invisible firewall rules" :)

  • Ilya, you're not approaching the UTM in the right frame of mind.  This is not your grandfather's firewall where every rule must be created by hand.  If that's what you want, the UTM is not for you.  But, ...

    WebAdmin is a GUI that manipulates databases of objects and settings.  A single change there can cause the Configuration Daemon to rewrite hundreds of lines of the code used to run the UTM.  It is capable of very powerful, elegant configurations.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA