
Remove 'Allow any/any' rule

We have a UTM9 firewall running. The last two firewall rules are:

  • rule 17: Allow any/any (Default Allow rule)
  • rule 18: Drop any/any  (Default drop rule)

I want to remove the 'allow any/any' rule as it defeats previous, more specific 'allow' rules in the firewall.

Before doing that, I want to be absolutely sure that, when removing the 'allow any/any' rule, I don't lock myself out of WebAdmin access.

I will be performing the change from a network that is in the 'Allowed Networks' in the General WebAdmin settings. Is that enough? Do these networks always have access to the WebAdmin even though there is no firewall rule that allows this traffic?

Thanks!



This thread was automatically locked due to age.
  • FormerMember

    Hi,

    Thank you for reaching out to the Community! 

    The WebAdmin access isn’t subject to the firewall rules. If the source network is allowed under WebAdmin Access Configuration, you could access it without a firewall rule. 

    Allowed Networks: The Allowed Networks box lets you define the networks that should connect to the WebAdmin interface. For the sake of a smooth installation of Sophos UTM, the default is Any. This means that the WebAdmin interface can be accessed from everywhere. Change this setting to your internal network(s) as soon as possible. However, the most secure solution would be to limit the access to only one administrator PC through HTTPS. Adding a definition is explained on the Definitions & Users > Network Definitions > Network Definitions page.

    Reference UTM help page.

    Thanks,

  • Hoi and welcome to the UTM Community!

    I would also delete your Drop Any/Any rule as that removes information from your firewall log.  The built-in default drop rule will tell you which chain the packet was dropped from and will help you analyze problems.  See the images at the bottom of Rulz (last updated 2021-02-16).

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
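
An added example, not part of the thread and not Sophos code: before deleting an allow any/any rule, it helps to know which traffic currently passes only because of it. The sketch below assumes top-down, first-match evaluation of user-defined rules and uses constructed rules and flows (IPv4 only); it does not model WebAdmin access, which the answer above says is controlled separately.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Rule:
    pos: int                    # position in the rule list, evaluated top down
    action: str                 # "allow" or "drop"
    src: str                    # source network in CIDR form
    dst: str                    # destination network in CIDR form
    port: Optional[int] = None  # None means any service

    def matches(self, src, dst, port):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.port in (None, port))

def is_catch_all(rule):
    return rule.src == ANY and rule.dst == ANY and rule.port is None

def first_match(rules, flow):
    """Return the first rule, by position, that matches the flow (or None)."""
    ordered = sorted(rules, key=lambda r: r.pos)
    return next((r for r in ordered if r.matches(*flow)), None)

def flows_relying_on_catch_all(rules, flows):
    """Flows that are allowed only because an allow any/any rule matched."""
    hits = []
    for flow in flows:
        rule = first_match(rules, flow)
        if rule and rule.action == "allow" and is_catch_all(rule):
            hits.append(flow)
    return hits

# Constructed rule set mirroring the thread: specific allows, then rules 17 and 18.
RULES = [
    Rule(1, "allow", "192.168.10.0/24", ANY, 443),
    Rule(2, "allow", "192.168.10.0/24", "10.0.5.10/32", 25),
    Rule(17, "allow", ANY, ANY),
    Rule(18, "drop", ANY, ANY),
]
# Constructed sample flows: (source IP, destination IP, destination port).
FLOWS = [
    ("192.168.10.20", "93.184.216.34", 443),
    ("192.168.10.20", "10.0.5.10", 25),
    ("192.168.20.7", "10.0.5.10", 3389),
    ("192.168.10.20", "93.184.216.34", 22),
]
```

Every flow returned by `flows_relying_on_catch_all(RULES, FLOWS)` will be dropped once rule 17 is removed, so each one needs either its own specific allow rule or a decision that it should stop.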