After upgrading to SFOS 18.0.3 MR-3 our reject or drop rules stopped working for blocking WAN traffic.
I have the following top rule to test, which is not working anymore:
Source zone: Any
Source networks and device: WAN_TEST - has my test external IP address
That is likely related to this: https://community.sophos.com/xg-firewall/f/discussions/122091/firewall-policy-drop-shows-block-page-on-http-connections/451510#451510
Sophos is working on a fix for this…
How did you confirm that this is the case?
Can you post conntrack, tcpdump and logviewer screenshots?
Likely the traffic is dropped but shows a block page.
It has been confirmed by a Sophos engineer that this is not working in our appliance, so this is why they have escalated this to the next level. No contact from the escalation engineer has been made as of yet.
Just wanted to understand what is happening, as I still think this is a known behavior and in fact is not allowed.
But if you do not want to investigate further, I cannot help.
Could you please provide the Case ID you can log with Support, so I can follow-up!
I have not received any reply from the escalation engineer so far...
Thank you for the follow-up!
Sorry to hear you haven't heard from the escalation engineer, let me know if you still don't hear on Monday, I have sent an email requesting an update on your case.
By the way, I think you are being affected by NC-58436
You might be able to fix this by creating a DNAT blackhole rule with the Source as the country group (or the IP you are using for testing), and follow this KB.
Any idea when this bug will be fixed? It looks like it has been around for a while.
It would be interesting to know when this error will be fixed :)