Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 27 subscribers
  • Views 767 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Applying a firewall rule to a wireless access point (or switch)

shred

On my network, I have different “MAC host” defined for my various devices which I associate with firewall rules. I use UniFi managed switches and Apple Airport wireless access points on my network which also have a “MAC host” defined for them and are associated with a firewall rule.

My question is, let’s say I have a computer associated with firewall rule #1 and a wireless AP associated with firewall rule #2. This computer is connected to the network via the wireless AP. In this situation, are both firewall rule #1 and #2 settings/policies being applied to traffic going to/from the computer since it’s connected to the wireless AP? In other words, is all of that traffic essentially being scanned twice (assuming I have malware and content scanning enabled on both rules)?



This thread was automatically locked due to age.
Parents
  • 0

    Hi  : For end system If your AP is acting as in gateway then traffic will come to XG via AP IP only and in that case Firewall rule #2 will scan the traffic but if your AP is acting as in bridge mode and for end system (behind the AP ) if the gateway is firewall then system traffic will be served by firewall rule id #1. So in both the cases scanning will be one time only based on your wireless AP/Router deployment mode.

  • 0 in reply to Vishal_R

    Sorry I should have mentioned the Apple wireless APs are setup in bridge mode so they’re only serving as wireless APs (not doing any routing, DHCP, etc.). My Sophos XG is setup as the router, DHCP server, etc.

    So are you saying in this case, adding the Apple wireless APs to a firewall rule (via a MAC host) is not doing anything? In other words, any device connected to the Apple wireless AP is not getting additional scanning/policies enforced. I’m assuming having the Apple wireless APs associated with a firewall rule would only apply for things like firmware updates for the device itself.

Reply
  • 0 in reply to Vishal_R

    Sorry I should have mentioned the Apple wireless APs are setup in bridge mode so they’re only serving as wireless APs (not doing any routing, DHCP, etc.). My Sophos XG is setup as the router, DHCP server, etc.

    So are you saying in this case, adding the Apple wireless APs to a firewall rule (via a MAC host) is not doing anything? In other words, any device connected to the Apple wireless AP is not getting additional scanning/policies enforced. I’m assuming having the Apple wireless APs associated with a firewall rule would only apply for things like firmware updates for the device itself.

Children
  • +1 in reply to shred

    Hi : Yes correct the rule for Apple Wiresless AP in this case will be for that device generated traffic it self. For rest of the traffic coming from machines/devices behind that Wireless AP, XG will check rules from top to bottom as XG is acting as in gateway for them and based on matching condition it will pass the traffic via matching rule and based on that matching rule policy and scanning action will be applicable.