After upgrading to SFOS 18.0.3 MR-3, our reject or drop rules stopped working for blocking WAN traffic.
I have the following top rule to test, which is not working anymore:
Source zone: Any
Source networks and device: WAN_TEST - has my test external IP address
That is likely related to this: https://community.sophos.com/xg-firewall/f/discussions/122091/firewall-policy-drop-shows-block-page-on-http-connections/451510#451510
Sophos is working on a fix for this…
Could you please provide the Case ID you can log with Support, so I can follow up!
I have not received any reply from Escalation engineer so far...
Thank you for the follow-up!
Sorry to hear you haven't heard from the escalation engineer. Let me know if you still don't hear on Monday; I have sent an email requesting an update on your case.
By the way, I think you are being affected by NC-58436
You might be able to fix this by creating a DNAT blackhole rule with the Source as the country group (or the IP you are using for testing), and following this KB
Any idea when this bug will be fixed? It looks like it has been around for a while.
It is interesting to know when this error will be fixed :)