
What are the differences between Firewall rules and Regex and how do they work together?

We have had issues where there was a clean rule for allowing Apple traffic yet the traffic was obviously filtered/suppressed. We have a 300Mb pipe and were getting 5Mb downloads. We added regex entries and now have great speed from Apple. Is there a doc (I couldn't find anything to explain how they work) that explains the difference between the 2?



  • Hey  

    For added context, would it be possible to provide a screenshot or more detailed example of your original "clean rule" and how your rule looks now with regex entries?

    Also could you please clarify your question regarding difference? Difference between a firewall rule matching traffic via regex vs a firewall rule matching to traffic via?

    Regards,


    Florentino
    Director, Global Community & Digital Support

  • Morning FloSup,

     

    By clean I mean no scanning. No AV or WEB or IPS or HTTP or HTTPS. Just a rule to try and bypass any kind of scanning?

     

    Why do I need regex if I have a firewall rule to allow or block traffic from say O365?

  • I think this KBA explains your query.

    https://community.sophos.com/kb/en-us/128173


  • What does regex do that firewall rules don't?

  • Cannot follow your question? 


  • Hi LuCar,

    I will answer what I think he is asking and I will request that you fill in the bits that I am unsure of.

    The XG is based on firewall rules, policies and definitions.

    A firewall rule uses policies and definitions to achieve its functions. REGEX can be used to fine tune the policies and maybe definitions, but not firewall rules.

    I expect REGEX can be used in a number of places in the XG policies, but the only one I am aware of is the Web Exceptions, (LuCar please expand if needed).

    I hope that answers your question?

    Ian

    XG115W - v19.5.1 mr-1 - Home


  • Michael Jones1 said:

    What does regex do that firewall rules don't?

    If you are asking about the two different methods that are in the KB (Exceptions using RegEx versus Firewall Rules).

    If you use the firewall rule method, the traffic (the packets) are forwarded from the LAN to the WAN, without ever going through the web proxy.

    If you use the Exception / RegEx rule method the packets are sent to the web proxy, the proxy then still implements some policy (other policy may not be run based on the exception) and then sent out to the far web server.

     

    So an Exception turns off part of the web proxy policy.  A firewall rule bypasses the web proxy altogether.

     

    If you wanted to turn off antivirus scanning and still enforce category blocks, use an exception.  If you wanted to say "I fully trust this site and want connections completely untouched" use a firewall rule.
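
Because an exception switches off part of the web proxy policy for every URL its regex matches, the scope of the pattern decides how much traffic goes unscanned. The following is an added example, not part of the thread or the linked KB: it audits a candidate exception pattern against the URLs it is meant to cover. Both patterns and all URLs are constructed, and it assumes the pattern is applied as a regex search over the full URL.

```python
import re

# Constructed candidate exception patterns (not taken from the KB article).
LOOSE = r"apple.com"  # unanchored, and the '.' is unescaped
STRICT = r"^https?://([A-Za-z0-9-]+\.)*apple\.com(:\d+)?(/|$)"  # host anchored on both sides

# Constructed URLs paired with whether the exception is intended to cover them.
SAMPLES = [
    ("https://apple.com/", True),
    ("https://swcdn.apple.com/content/update.pkg", True),
    ("http://updates.apple.com:80/", True),
    ("https://apple.com.example.net/update.pkg", False),  # different domain, same prefix
    ("https://pineapple.com/", False),                     # suffix collision
    ("https://example.net/?ref=apple.com", False),         # string appears in query only
    ("https://applexcom.example.net/", False),             # unescaped '.' matches any char
]


def audit(pattern, samples=SAMPLES):
    """Return the URLs where the pattern's decision differs from the intended one."""
    rx = re.compile(pattern, re.IGNORECASE)
    wrong = []
    for url, intended in samples:
        if bool(rx.search(url)) != intended:
            wrong.append(url)
    return wrong


if __name__ == "__main__":
    for name, pat in (("LOOSE", LOOSE), ("STRICT", STRICT)):
        bad = audit(pat)
        print(f"{name}: {len(bad)} unintended result(s)")
        for u in bad:
            print("   ", u)
```
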
