
How do the firewall rules work?

I'm evaluating Sophos XG Home and I can't understand how packets go through the rules.

In a fresh install (18.5.2) I added a few custom rules:

- first with source: LAN / networks - Any / Schedule - All the time, and destination: WAN / networks - *.DOMAIN_NAME / services - Any; everything else (web filtering, app control) disabled

- second with source: LAN / Any / All the time, and destination: WAN / Any / Any, with the settings "Match known users" and "Use web auth for unknown users"

To my understanding all the traffic going to www.DOMAIN_NAME should be allowed by the first rule and everything else should be caught by the second rule and allowed after successful authentication by the user - am I wrong? Because it is not working like that ....

Looking at the log I see that traffic to www.DOMAIN_NAME is caught by the second rule even though I'm not logged in, and some packets are denied and a few seconds later allowed .. :(

Am I making a mistake in the configuration or do I not understand how it works?

Greetings



  • Hi Anton,

    What is the order of the rules? They are processed from the top down. Using "match known users" requires you to create users. When trying out rules it is best to leave the user security checking alone until you are happy with the process.

    Are you using linked NAT rules? That will cause some confusion for a beginner as well.

    Ian

  • Hi,

    This is my expectation: that they are processed from the top according to the number in the first column (#) and not according to the ID column, where for example #Default_Network_Policy has #5, which is lower than the numbers for the custom policies I created myself.

    I have the user accounts with the proper time schedule and so on - this part works like a charm, but what I want to achieve is that some pages/services are reachable all the time without authentication.

    I don't use NAT rules - I was even wondering if it is a problem that I have none of them ....

  • Hi,

    Unless you have routable IP address ranges internally, you need at least one default masq NAT rule, which will basically provide access for all rules.

    Ian
