
Not possible to use External interface definition in SUM?

Greetings all.

In Sophos UTM9 under Network Protection->Firewall->ICMP there is an option to disable "Gateway is ping visible". We like that option, but I'd still like to allow ICMP Pings from the specific hosts we use for monitoring our clients for offline and latency alerts. I've done some testing and found you can add an explicit firewall rule allowing ICMP Ping traffic from specific hosts and it works fine, so I thought I'd push a firewall ruleset from SUM and have found that there is no Destination definition for "External (WAN)". Am I overlooking something, or is this not possible?



  • What happens if you use "Any" instead of "External (Address)" in the rule?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I tried that, thinking surely it would work but it didn't.

  • Please show a picture of the firewall rule that "didn't work" and say what you observed.

    Cheers - Bob

  • Image is attached below. Let me know if this didn't insert correctly and I will upload to imgur or something similar.

    The top part shows the rule I created inside of SUM (there is no default service definition for ping, so I copied the default definition for it from UTM)

    I pushed this rule to the firewall using 'Any', but pings were still rejected, as can be seen in the middle image (I am remotely controlling one of our management servers there and showing the firewall logs with the ICMP traffic being blocked while the 'Any' rule pushed from SUM is in place).

    Finally, the bottom image is where I create a manual rule to allow pings from the same 3 hosts (they are put into a network group in this rule) going to the default 'WAN (Address)' instead of 'Any'. As you can see, this rule is at position #10, beneath the #1 rule that SUM pushed.

    The Sophos UTM is an SG125 running firmware version 9.508-10.

    The SUM server is running firmware version 4.307-4.

     

  • Thanks for testing. Now this seems like the ping is in the INPUT chain, but the traffic selector in the SUM rule doesn't apply when using "Any" in 'Going to'. My last idea is to use "Internet IPv4" instead, as it is bound to the External interface. Any better luck with that?

    Cheers - Bob
