This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG Firewall: disable strict policy for a specific IP Address

Hi all,

I've an issue on a customer site with a XG125.

In the site are present a device that is managed remotely by the vendor via vpn provided by a cisco 800 router to which I do not have access.

I've configured the rules as requested by the vendor (also allow any/any) , but the sophos XG reject several packets and not the vpn does not go up.

the only working solution I found was to disable e strict-policy in the firewall. but I don't like the solution.

is it possible to disable the strict-policy only for an ip address?

Thanks

This thread was automatically locked due to age.

0 Daniel Bizzarro over 4 years ago in reply to rfcat_vk

Hi,

the packet is rejected as" invalid tcp reserved bit".

now the customer work and i cannot stop him for recreate the issue.

I've tried to solve with sophos support (I've opened 2 case), but without luck.

"please explain what you mean by strict policy"

I mean the advanced firewall rule

how advanced-firewall                                                 
        Strict Policy                           : off

set advanced-firewall strict-policy 

thanks 

Daniel