This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How the firewalls rules works ?

I'm evaluating Sophos XG Home and I can't understand how the packets are going through the rules

In fresh install (18.5.2) I added few custom rules:

- first with source : LAN / networks - Any / Schedule - Al the time, and destination : WAN / networks - *.DOMAIN_NAME / services - Any, everything else (web filtering, app control ) disabled

- second with source LAN / Any / All the time , and destination WAN / Any / Any with settings "Match known users" and "Use web auth for unknown users"

For my understanding all the traffic going to www.DOMAIN_NAME should be allowed by the first rule and any other should be catched by second rule and allowed after successful authentication by the user - I'm wrong ? Because it is not working like that ....

Looking at log I see that traffic to www.DOMAIN_NAME is catched by second rule and even I'm not looged in and some packets are denied and few seconds later allowed .. :(

I'm making mistake in configuration or don't understand how it works ?

Greetings

This thread was automatically locked due to age.

Parents

0 rfcat_vk over 3 years ago

Hi Anton,

what is the order of the rules, they are processed from top down? Using the match known users requires you to create users. When trying out rules it is best to leave the user security checking alone until you are happy with the process.

Are you using linked NAT rules, that will cause some confusion for a beginner as well?

Ian
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 rfcat_vk over 3 years ago

Hi Anton,

what is the order of the rules, they are processed from top down? Using the match known users requires you to create users. When trying out rules it is best to leave the user security checking alone until you are happy with the process.

Are you using linked NAT rules, that will cause some confusion for a beginner as well?

Ian
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Anton Szuk over 3 years ago in reply to rfcat_vk

Hi,

this is my expectation that they are processed from top according to the number in the first column ( # ) and not according to the column ID where for example #Default_Network_Policy has #5 which is lower than numbers for custom policies created by myself

I have the users account with proper time schedule and so on - this part works like a charm but what I want to achieve is that some pages/services are reachable all the time without authentication

I dont use NAT rules - I was even wondering if this is a problem that I have none of them ....
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 3 years ago in reply to Anton Szuk

Hi,

unless you have routable IP address ranges internally, you need at least one default masq nat rule that will basically provide access for all rules.

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 Anton Szuk over 3 years ago in reply to rfcat_vk

this one created by default - #NAT_Default_Network_Policy is enough ? or I need to created one for my every custom policy ?
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 3 years ago in reply to Anton Szuk

Hi,

for what you testing the default is good

Ian
Cancel
Vote Up 0 Vote Down

Cancel