
Trying to understand the rules, and why traffic is routing with a rule turned off?

I am trying to understand how I am able to get traffic from my LAN to the DMZ when the firewall rule is OFF! Clearly I do not understand the XG rules and policies. I have attached an image below of what I see in the rules display, and from what I see there is nothing allowing traffic between the LAN and the DMZ. Before I go any further and create a bigger mess I need to know why. Where is this controlled and how am I supposed to read the displayed information so that I would know how the routing is occurring?



  • Your first two lines are groups that have three rules between them. Any of these three rules could be routing from LAN to DMZ. Just because you have Rule #5 turned off doesn't mean that rules #4, #6, and #7 can't be routing, hence emmosophos' question. Your #6 screen capture is a mistake and doesn't show the details of rule #6. Rule #4 appears to cover only SMTP traffic, but it is Any-Any so if you send SMTP traffic from your LAN to an address that the XG knows is in the DMZ, it will of course forward it.

    Rules #6 and #7 could also be Any-Any and if they don't otherwise narrow down their scope (port, time, etc) they'll route all traffic from LAN to DMZ if the destination address is known by the XG to be in the DMZ.

    If you know the source or the destination machine (or both), you can use packet capture with the appropriate filter to capture the packets you think should not be routing to the DMZ and then check which rule was routing them.

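The top-down, first-match behaviour the reply describes, as an added toy model (not Sophos XG code and not part of the original thread): rule #5 is switched off and so never matches, while the Any-Any rules #4, #6 and #7 are still evaluated in order. Rule numbers, names and the port 25 on rule #4 are constructed from the thread's description.

```python
from dataclasses import dataclass

ANY = "Any"

@dataclass
class Rule:
    """One firewall rule as shown on the XG rules page (toy model)."""
    number: int
    name: str
    enabled: bool
    src_zone: str = ANY            # "Any" matches every source zone
    dst_zone: str = ANY
    ports: frozenset = frozenset() # empty = any destination port

    def matches(self, src_zone, dst_zone, dst_port):
        # A rule that is switched OFF never matches; the packet falls through.
        if not self.enabled:
            return False
        if self.src_zone not in (ANY, src_zone):
            return False
        if self.dst_zone not in (ANY, dst_zone):
            return False
        return not self.ports or dst_port in self.ports

def first_match(rules, src_zone, dst_zone, dst_port):
    """Top-down, first-match evaluation; None means no enabled rule matched."""
    for rule in rules:
        if rule.matches(src_zone, dst_zone, dst_port):
            return rule
    return None

# Constructed rule set modelled on the thread: #4 SMTP Any-Any, #5 LAN-DMZ
# switched OFF, #6 and #7 Any-Any with nothing narrowing their scope.
RULES = [
    Rule(4, "SMTP relay", True, ANY, ANY, frozenset({25})),
    Rule(5, "LAN to DMZ", False, "LAN", "DMZ"),
    Rule(6, "Any to Any", True),
    Rule(7, "Any to Any", True),
]

def explain(rules, src_zone, dst_zone, dst_port):
    """Report which rule carried the flow, the check the reply suggests doing."""
    rule = first_match(rules, src_zone, dst_zone, dst_port)
    if rule is None:
        return f"{src_zone}->{dst_zone}:{dst_port} dropped: no enabled rule matched"
    return f"{src_zone}->{dst_zone}:{dst_port} allowed by rule #{rule.number} ({rule.name})"

if __name__ == "__main__":
    print(explain(RULES, "LAN", "DMZ", 25))   # carried by rule #4
    print(explain(RULES, "LAN", "DMZ", 443))  # carried by rule #6, not the disabled #5
```

Removing rules #6 and #7 (or narrowing their zones) makes the HTTPS flow fall through to the model's implicit drop, which is the outcome the poster expected from disabling rule #5 alone.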
