
Firewall rule id:0 : Economist (Eiu.com) site blocked

New to SophosX and not a network pro, but can tinker and go deep as needed. Using it to secure my home network.

 

My Sophos rules are the default rules. Did not do anything specific. There is a default rule allowing all LAN to WAN traffic, and hence I expect that part should work well for all.

Tried accessing the site pages.eiu.com (Economist site). Dropped packet due to the Firewall Rule ID:0 in the policy tester. Can't figure out a way of allowing this. Do I need any other explicit rule? Isn't my default rule supposed to handle this?

 

Any help is appreciated.

 

Thanks



  • Thanks Keyur.

     

    Keyur said:


    Could you please open the developer tools of the browser and try to check the status of the URL?

    Yes the URL is not reachable. Err: Connection Refused

     



    Did you apply any content filtering on the firewall rule from where the traffic has been passing?

    No content filter applied. Regardless, policy tester says web filters are not blocking, only the firewall.

     

    Please create a source IP base rule and verify without applying any policy, only MASQ and Gateway.

    Unfortunately, the impact is the same

     

    Keyur said:

    Please go to Web >> General Setting >> Malware and content >> Advanced Settings >> Check the status of Pharming protection

    For firewall rule 0- https://community.sophos.com/kb/en-us/131968

     

    I could only see firewall rule 0 triggering when the DNS server is pointing to my Pihole (which is doing DNS over HTTPS internally towards cloudflared). If I give external DNS servers, there is no drop. So assuming there is an issue in Pihole (Cloudflared DoH) + Sophos.

    Some rule is expected for this configuration.

     

     
  • Finally boiled down to the root cause.

     

    For DNS over HTTPS (Cloudflared or equivalent) to work on all sites in Pihole, this is what I did:

    1. My Cloudflare-based DoH was running on port 5053 in Pihole.

    2. So created a new service called DNSoH and added protocol/source/dest ports for 53, 5053 and 443 (combinations and permutations of these ports) as follows:

    TCP (53) / (5053), TCP (5053) / (443), TCP (5053) / (53), TCP (53) / (443), UDP (53) / (5053), UDP (5053) / (443), UDP (5053) / (53), UDP (54) / (443)

    3. That solved the problem. Most of the rule:0 exceptions are gone.