Sophos Firewall

Discussions Access with broadcast IP address

Sophos Firewall requires membership for participation - click to join

Thread Info

State Suggested Answer
Locked Locked
Replies 10 replies
Answers 1 answer
Subscribers 28 subscribers
Views 1406 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Access with broadcast IP address

minis over 3 years ago

hello,

we have SG330 (SFOS 18.5.2 MR-2-Build380) , and we discover that we can access the firewall with broadcast address, how we can desactivate it .

any help

thanks

This thread was automatically locked due to age.

Parents

0 rfcat_vk over 3 years ago

Hi,

I assume you are talking about 10.10.10.255:4444 in a /24 network? Please post the log entries showing this and then the firewall rule being used?

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 minis over 3 years ago in reply to rfcat_vk

hi,

you are right, we can access it with our local broadcast IP address . and we don't have any access related to this access,

we allow access with administration > device access

any advice !!!
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 3 years ago in reply to minis

Hi,

please post a logviewer entry showing this and also your network interface configuration in expanded form with critical information blocked out.

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 minis over 3 years ago in reply to rfcat_vk

Hi ,

hereafter the interface configuration

the access to the broadcast address

the logs show the traffic is dropped, however, access is allowed

any idea !!!

BR,
Cancel
Vote Up 0 Vote Down

Cancel
0 emmosophos over 3 years ago in reply to minis

Hello there,

Most likely you have a bypass of the Firewall.

SSH into the XG and run the following command from the Advanced Shell:

# cish
console> show advanced-firewall

Regards,
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 3 years ago in reply to minis

More than likely you have a network mask allowing the 255 address to be valid somewhere your configuration eg /23.

Ian
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 rfcat_vk over 3 years ago in reply to minis

More than likely you have a network mask allowing the 255 address to be valid somewhere your configuration eg /23.

Ian
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data