Asymmetric routing and policy behaviour

Question

Hi, 
 When I do a bypass of subnets through stateful-firewall-config to avid asymmetric traffic inspection (MPLS), what impact on firewall policy rules and others are applied? 
 Is it only the flow of TCP connections? I can confirm that for example doing a 'drop' rule for elements in the same subnet does not apply the firewall policy rule and believe that this isn't really a 'normal' behaviour. 
 Any inputs? 
 Thanks!

FormerMember · Accepted Answer

Hi @wajdiaa , 
 Thank you for reaching out to the Community! 
 Once you bypass the IP host/network from the stateful-firewall-config, the firewall won&rsquo;t keep track of the bypassed networks' connection. That means these IP hosts/networks won&rsquo;t go through the firewalling. 
 Thanks,

FormerMember · Answer

Hi @wajdiaa , 
 Thank you for reaching out to Sophos Community. 
 Adding a bypass stateful firewall for the MPLS networks, effectively makes the firewall act as a router for the traffic with no filtering/restrictions. 
 All connections between source and destination mentioned under 'bypass stateful firewall' won&rsquo;t be monitored.

Asymmetric routing and policy behaviour

Top Replies