"Drop" vs "Reject" HTTP + HTTPS messages

Hello, in Sophos XG firewalls, what is the difference between "drop" and "reject"?  My understanding is that when you drop it simply and silently drops the packets without any response to the requesting device.  "Reject" would on the other hand send a message specifying the rejection of the packet request.  We were testing dropping traffic via specified country and we noticed that it claimed there were tons of "outgoing" traffic on the rule where we geo blocked.  It was about 89 gigs worth which seems remarkably high for having "drop" as the action.  Is this somehow sending a message to the client anyway even though we have it set to drop? It isn't sending any sort of "this site is blocked due to policy" web page to them is it?



  • The screenshot shows 89 GB for "Any Service".
    LuCar's reply is specific for port 80/443 traffic.
    I am sure that you are not replying with 89 GB of HTML block pages on port 80/443.

    I don't know how the byte counting is done for either "drop" or "reject".

    I would be curious if you "drop" a random port - say "1234" and then send 10MB of data packets to it.  What numbers go up?
    Then change it to "reject" and send 10MB of data packets.  What numbers go up?

    Based on your screenshot, I suspect that any random dropped traffic caused the "out" number to increase.

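As an added illustration (not part of this thread, and not Sophos code), a small Python probe that tells from the client side whether a firewall is dropping or rejecting a TCP port, which is the observable difference the question and the reply's 10 MB experiment turn on: a reject comes back immediately as a refused or unreachable connection (something was sent back), a drop produces nothing but a timeout. The loopback demo is constructed so it runs offline; the host and port you probe in practice are your own.

```python
import errno
import socket

# errno values a client sees when the peer or a firewall in the path answers
# with a TCP RST or an ICMP unreachable message, i.e. a "reject" action.
REJECT_ERRNOS = {errno.ECONNREFUSED, errno.EHOSTUNREACH, errno.ENETUNREACH}


def classify_tcp_port(host: str, port: int, timeout: float = 3.0) -> str:
    """Return "open", "reject" or "drop" for host:port as seen by a client.

    "reject": connect() failed immediately because a reply came back.
    "drop":   no reply of any kind arrived within `timeout` seconds.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
        except socket.timeout:          # silence: nothing was sent back
            return "drop"
        except OSError as exc:          # RST or ICMP unreachable: a reply
            if exc.errno in REJECT_ERRNOS:
                return "reject"
            raise
        return "open"


def _free_local_port() -> int:
    """Reserve and release a loopback port so it can be probed while closed."""
    with socket.socket() as tmp:
        tmp.bind(("127.0.0.1", 0))
        return tmp.getsockname()[1]


def demo_local() -> dict:
    """Constructed offline demo: a listening and a closed loopback port.

    Loopback has no firewall in the path, so a closed port is answered with a
    RST ("reject"); the "drop" outcome only appears behind a real drop rule.
    """
    results = {}
    with socket.socket() as listener:
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)  # the kernel completes the handshake, so "open"
        results["listening"] = classify_tcp_port("127.0.0.1", listener.getsockname()[1], 1.0)
    results["closed"] = classify_tcp_port("127.0.0.1", _free_local_port(), 1.0)
    return results


if __name__ == "__main__":
    print(demo_local())
```

Pointing `classify_tcp_port` at a port behind a geo-block rule from an affected client is the quickest way to confirm which action is actually applied, independent of what the rule's byte counters claim.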