Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 27 subscribers
  • Views 846 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Trying to understand the rules, and why traffic is routing with a rule turned off?

MarkThornton

I am trying to understand how I am able to get traffic from my LAN to the DMZ when the firewall rule is OFF! Clearly I do not understand the XG rules and policies. I have attached an image below of what I see in the rules display, and from what I see there is nothing allowing traffic between the LAN and the DMZ. Before I go any further and create a bigger mess I need to know why. Where is this controlled and how am I supposed to read the displayed information so that I would know how the routing is occuring?



This thread was automatically locked due to age.
Parents
  • 0

    Hello Mark,

    Thank you for contacting the Sophos Community.

    What are rules #4 and #6?

    You can also use the Diagnostics or conntrack to double confirm what Firewall rule is being applied when the traffic is going from LAN to DMZ.

    Regards,

  • 0 in reply to emmosophos

    Where am I supposed to see what is happening on the diagnostics page. All I see is the ping feature and it doesn't show up in the firewall log. Neither does a continuous ping from my desktop through the XG to the switch on the VLAN. Even when I enter the destination ip as a filter in the log nothing shows up. When I traceroute from my desktop it is clearly going through the XG to get to the switch on the VLAN. 

Reply
  • 0 in reply to emmosophos

    Where am I supposed to see what is happening on the diagnostics page. All I see is the ping feature and it doesn't show up in the firewall log. Neither does a continuous ping from my desktop through the XG to the switch on the VLAN. Even when I enter the destination ip as a filter in the log nothing shows up. When I traceroute from my desktop it is clearly going through the XG to get to the switch on the VLAN. 

Children