
During scheduled time - overrides the reject setting in a firewall rule

I am using XG 17.5.0

I set a firewall rule based on IP to reject a connection therefore turning off network access to that device.  This works correctly.

When I add the "During scheduled time" option, choosing School days, network connectivity is allowed even though the rule is still set to "Reject".  The hour when this was tested was outside the allowable school hours.

Is this a bug or am I missing something?

  • I'd like to clarify what I think is happening.  When "During scheduled time" is active in the firewall rule, regardless of whether the device is inside or outside the time frame for usage, the rule is bypassed.  I noticed I had no activity on that rule when I chose "School days", so the rule is being bypassed.

    The question then is why is the rule being bypassed when "During Scheduled Time" options are utilized?  The rule works correctly when "all the time" is chosen. 

  • The rule will need to be at the top of your rule list.

    Ian

  • Hmm... the rule is at the top of the list.  I'm also unclear how this is supposed to fix the rule being bypassed when "During scheduled time" is used.

  • Just making sure. Next thing to check is the time on the XG.

    I will add a time based rule to my XG as a test.

    Ian

  • I did check the time before posting and the time is correct on XG.  

  • Hi Nicholas,

    I set up a rule which failed because I have other rules further down the list which allow the client device to access the internet. The rule test will work its way down all rules until it finds there are none that match and then will log a failed/denied connection.

    If you wish to block access to the internet you need an active rule that has the time settings that specifically match the device you want to block/allow. All other rules should be set so that they do not match the device concerned.

    I use DHCP static and clientless users/groups to control access on my networks.

    Ian
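The first-match behaviour Ian describes above, as an added example (not Sophos code and not from anyone in this thread): a small model of a rule list where each rule may carry a schedule. A scheduled rule is only a candidate while its schedule is active; outside it, the packet falls through to the next rule, so a scheduled reject followed by a broad allow lets the device through outside the schedule. The "fixed" list shows one arrangement that matches Ian's advice, assuming the intent is to allow the device during school hours and block it otherwise. Rule names, the host address and the test times are all constructed here.

```python
"""Model of first-match firewall evaluation with per-rule schedules.

Added example, not Sophos XG code.  Rule names, the device address
(192.0.2.10, a documentation-range address) and the timestamps are
constructed for the demonstration.
"""
from dataclasses import dataclass
from datetime import datetime, time
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Schedule:
    """Active on the listed weekdays (0 = Monday) from start (inclusive) to end (exclusive)."""
    days: FrozenSet[int]
    start: time
    end: time

    def active(self, now: datetime) -> bool:
        return now.weekday() in self.days and self.start <= now.time() < self.end


@dataclass(frozen=True)
class Rule:
    name: str
    src_hosts: FrozenSet[str]            # empty set means "any source"
    action: str                          # "accept" or "reject"
    schedule: Optional[Schedule] = None  # None means "all the time"

    def matches(self, src_ip: str, now: datetime) -> bool:
        # Outside its schedule a rule is not a candidate at all; the packet
        # continues down the list instead of being rejected by this rule.
        if self.schedule is not None and not self.schedule.active(now):
            return False
        return not self.src_hosts or src_ip in self.src_hosts


def evaluate(rules: List[Rule], src_ip: str, now: datetime,
             default: str = "drop") -> Tuple[Optional[str], str]:
    """Return (rule name, action) of the first matching rule, or (None, default)."""
    for rule in rules:
        if rule.matches(src_ip, now):
            return rule.name, rule.action
    return None, default  # no rule matched: implicit default policy


SCHOOL_DAYS = Schedule(days=frozenset(range(5)), start=time(8, 0), end=time(15, 0))
DEVICE = "192.0.2.10"  # constructed address of the desktop being controlled

# The arrangement described in the thread: a scheduled reject for the device,
# followed by a general allow lower in the list.
BROKEN: List[Rule] = [
    Rule("Block desktop (scheduled)", frozenset({DEVICE}), "reject", SCHOOL_DAYS),
    Rule("LAN to WAN allow", frozenset(), "accept"),
]

# One arrangement following Ian's advice: the rule deciding the device's fate
# must match at the time it should apply, and no later rule may match the device.
FIXED: List[Rule] = [
    Rule("Desktop allow (school hours)", frozenset({DEVICE}), "accept", SCHOOL_DAYS),
    Rule("Desktop block (always)", frozenset({DEVICE}), "reject"),
    Rule("LAN to WAN allow", frozenset(), "accept"),
]

# Constructed test times: Tuesday 2024-03-05, inside and outside school hours.
MIDDAY = datetime(2024, 3, 5, 11, 0)
EVENING = datetime(2024, 3, 5, 20, 0)

if __name__ == "__main__":
    for label, rules in (("broken", BROKEN), ("fixed", FIXED)):
        for when in (MIDDAY, EVENING):
            print(label, when.strftime("%a %H:%M"), evaluate(rules, DEVICE, when))
```

Running it shows the broken list rejecting the desktop at 11:00 but handing it to "LAN to WAN allow" at 20:00, while the fixed list accepts at 11:00 and rejects at 20:00 without touching other hosts. The same fall-through is what the firewall log reveals: a device that should be blocked appears under whichever later rule it matched, which is the check Ian asks for below.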

  • Again thanks Ian

    I have a rule that is related to a specific device.  The DHCP on the wireless box has the MAC address and assigns the IP (this is working correctly).  The Sophos XG then has a rule that the IP is to have access based on the "During scheduled time".  I can reject the device and it works; I can provide access and that works.  When I set "During scheduled time" to anything but "anytime", the rule is bypassed.

    My understanding of the option "during scheduled time" is that it allows when a user can get access and when they cannot.  That being the case it doesn't work because it disregards the rule in firewall even if I set the rule to "reject".  

    Of course I can use other rules to block access to the specific device based on IP but that defeats the point of having a "During scheduled time" option in the rule.  


  • Hi Nicholas,

    what rule do you see being used by the device when it is supposed to be blocked?

    Ian

  • I set up a rule with the source as LAN and the source device (desktop computer) as the specific IP which was set up under Hosts and Services (IP Host).  The destination zones and networks are any/any.  This is the rule that is bypassed when using "During scheduled time" for anything but "anytime".

  • Hi Nicholas,

    what rule is being used when the bypass fails?

    Does your school-hours block schedule look like this?

    Ian