Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 3418 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

sophos firewall reporting "no global rule" when a rule is set

Herpderp

we have started using the client firewall on our network and we are seeing many events for "no global rule" when there is one set that matches the event that is logged.

this isnt happening on certain computers, it seems random and effecting everywhere. we have tried referencing our isps proxy using its IP and its domain name (which sophos then goes and displays the same IP that we were entering) yet is still shows up in the "no global rule" logs.

I have checked a computer and it says its going through the primary location which is correct but is also where the rules that it appears to be ignoring are.

I dont know if were doing something wrong or if its an error.


thanks

:20951


This thread was automatically locked due to age.
  • 0
    Hello Herpderp,

    there can always be bugs, I won't rule it out. It's impossible to give a general answer, we'd have to see the details (but I'd never suggest that you post them to a public forum).
    Hm, could you post the global rule (perhaps a screenshot with the "telltale" parts blurred)? And could you do likewise with the log entry for the incorrect blocking?

    Christian
    :20963
  • 0

    ive got an image of the client log, the console log and the rule itself but i cant seem to work out how to upload anything to here. do i need to uload it to an internet image site or something?

    :21059
  • 0

    Hello Herpderp,

    you can try to simply drag the imag(es) to the editor window like this: (insert image creates an external link so this has to be a publicly accessible location). If this fails or doesn't produce acceptable results please upload it to some site (like ImageShack). 

    Christian

    :21081
  • 0

    Hello Herpderp,

    I assume the final decision is block (there should be a corresponding message in the Connections view). Unless it is a different address (unlikely but I just want to mention this possibility - sometimes one just fails to spot it) this event should not occur. It seems to happen only rarely though (but too often that I'd suspect an ongoing policy update).

    I think you should contact Support so they have a look at it.

    Christian 

    :21269