Sophos XG Block Inter-VLAN Traffic DMZ

Question

Hello everyone, 
 I have a VLAN 10 which is my DMZ and I want to disable/block access to my internal Network (VLAN 1). 
 I can ping every Device from my DMZ and access every LAN-Device. 
 
 I already tried to add a BLOCK Rule, but my Sophos seems to ignore it. 
 
 Anybody got an Idea how to block these?

FormerMember · Accepted Answer

Hi xXTim150Xx , 
 Thank you for the update. 
 When I looked at your firewall, the rules were already corrected. I think there was a firewall rule configured to allow traffic between DMZ or ANY zone to LAN. 
 If you need to test the firewall rules, you can run the policy test to see if traffic is blocked or allowed, you can also see the firewall rule number for allowed or blocked traffic. 
 Thanks,

FormerMember · Answer

Hi xXTim150Xx , 
 Thank you for reaching out to the Community! 
 Is there any firewall rule between DMZ and LAN zone? Run packet capture to verify if there's a firewall rule allowing the traffic between these two VLANs. 
 You could create a drop rule between DMZ and your LAN zone and put it on top. 
 
 Monitor traffic using Packet Capture Utility in the Sophos XG Firewall GUI 
 
 Thanks,

Sophos XG Block Inter-VLAN Traffic DMZ

Top Replies