How to find a specific firewall rule?

ps. cant post on this great forum with chrome.

With IE, I get an error

"An error occurred. Please try again or contact your administrator. "

.......... aaaaaand

"Your posting frequency has exceeded allowed rates. Please wait 5 minutes to post again. "

for real guys....

Hi,

I get the first error, have been for about a week since I moved to a new mac. Both safari and FF, haven't tried chrome. I ignore the error because I have no indication as to what it is referring to.

Ian

Are you using clientless or similar. Did you create an IP address when you were setting up your firewall rules?

Kari,

you need to perfom these steps:

• from the GUI, go to Host and Services > IP Host and they write down the hostname (for example iPhone)
• connect to XG cli > option 5 > option 3
• type: psql -U nobody -d corporate
• type: SELECT * FROM tblhost WHERE hostname='iPhone'; (please respect the upper and lower case
• Write down the hostid number (in my case is 11)
• type: SELECT * FROM tblfwsource; to check if the hostid is here (this is the source FW rule table)
• type: SELECT * FROM tblfwdest; to check if the hostid is here (this is the destination FW rule table)

in one of these 2 last tables you should find the relations hostid (11) and fwruleid (xxx). This id corresponds to Firewall rules inside the GUI. If the rule is still there, delete it, otherwise you need to delete the row using postgresql commands.

Let us know.

Regards

This is the most user-hostile approach I've ever seen in the firewalls.

Here's a suggestion: How about showing the rule name in the error message? And maybe even link to it?

Uhm....what I have to say about it?

https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/10812132-force-delete-object

I created this feature request long time ago...Showing at the least the ID is a good starting point....

Add you own comment and vote it.

Regards

Sorry Luk, my rant wans't for you but for Sophos. I've completely fed up with these POS boxes.

Given that you have already created the feature request 2,5 years ago I think it's not coming, but I'll vote anyway.

I'm tasked to clean up our firewalls and I have hundreds of IP hosts to go through. I guess it's just easier to trash these and go for something that works and start over.

Kari,

I am still using XG at home and on small installation. Standard things to do are a dream on this box....You are more than right!

I am looking at next version...for the moment, it is still not enterprise ready....

Hello,

How can do this to find a user? like example rcasio,

Best regards.