After upgrading to SFOS 18.0.3 MR-3, our reject or drop rules stopped working for blocking WAN traffic.
I have the following top rule to test, which is not working anymore:
Source zone: Any
Source networks and device: WAN_TEST - has my test external IP address
That is likely related to this: https://community.sophos.com/xg-firewall/f/discussions/122091/firewall-policy-drop-shows-block-page-on-http-connections/451510#451510
Sophos is working on a fix for this…
Have you deleted all of the SD-WAN policies and the linked NAT, so that you only have a default MASQ rule?
Reject or Drop rules don't have linked NAT associated with them.