Hello everyone,
I have a VLAN 10 which is my DMZ and I want to disable/block access to my internal Network (VLAN 1).
I can ping every Device from my DMZ and access every LAN-Device.
I already tried to add a BLOCK Rule, but my Sophos seems to ignore it.
Anybody got an Idea how to block these?
Hello xXTim150Xx,
is there another router between the VLAN 10 (DMZ) and VLAN 1 (LAN)?
Are the interfaces defined in the correct zones?
Sophos XG needs rules for all internal routing.
You can try to figure out what's happening by switching on logging on each rule and tracing a communication from DMZ to LAN in the logfile.
Best regards,
BeEf
Hi H_Patel,
There is no rule which allows traffic from my DMZ to my LAN as you can see in the picture.
I also did a packet capture. I pinged my NAS from the DMZ and I still can reach it. I can also reach it via HTTPs.
My drop rule is already on top of my Firewall Rules.
Hi H_Patel,
There is no rule which allows traffic from my DMZ to my LAN as you can see in the picture.
I also did a packet capture. I pinged my NAS from the DMZ and I still can reach it. I can also reach it via HTTPs.
My drop rule is already on top of my Firewall Rules.
