Sophos Firewall: v19.0 MR1: Feedback and experiences

No luck. I tried saving the wireless IoT network, the WiFi zone, all without problem.

Then I even tried to set the rule "LAN to WIFI"  Any,Any, to Any,any.

Still the same. All networks and rules are properly evaluated, just this WiFi network is not.

I will try the policy test with 19.0GA

in 19.0 GA it is working and picking the rule:

That is very odd. Try to change the Zone of Wifi to something else. Does the Policy test work? 

In any case, feel free to give me the Access ID (Support access) via DM. I will try to reach out to somebody to check this. 

OMG. Now as I recreated the zone on 19.0 GA I have the same issue!

I could finally resolve it by deleting the wireless network including its DHCP range, and do it from scratch.

Then a new firewall rule and it starts working and is accepting.

So I was hopeful to try the same thing on MR1, but unfortunately this didn't do the trick. So it really seems something has changed regarding wireless routing (as in separate zones, bridging is working).

I will send you the access ID.

Same problem observed. After the upgrade to v19.0.1 MR-1 traffic is not hitting the firewall rule and is being logged and dropped by rule ID=0.

LuCar Toni said:

Why do you use a rule without Logging? 

Lucar? The more important question is: Why is "log firewall traffic" not checked by default?

Could you send me the AccessID as well? 

It is per design not enabled. If you want Default Drop logged, you can create a own Rule, which does this for you. You cannot enable Default drop logging. docs.sophos.com/.../index.html

LuCar Toni said:

It is per design not enabled. If you want Default Drop logged, you can create a own Rule, which does this for you. You cannot enable Default drop logging. docs.sophos.com/.../index.html

It is not about logging default drop.. it is about creating a new firewall rule and having to enable logging every time... Why could sophos not check the "log firewall traffic" per default? it makes absolutely no sense to leave it unchecked...

It is quite simple. The rule you see is is not a actual firewall rule, which could be potentially be edited. It is simply a placeholder to present to the admin, there is a default drop in place. It is not like this rule actually exists within the system. Default drop is a rule within the system and cannot be edited at this time of being. So you cannot "simply add logging to this rule", as there is no rule. Default drop is a principle, which the core system does, if there is no rule in the first place. So there is no logging enabled in this scenario. If you want to have a logging, you can do this by your own by creating your own rule. 

To enable the default drop logging per default is something on the roadmap for a future release, but there are other items, which are more compelling than revamping the default dropping due the fact, you can simply enable this by using your own rule. 

It's not about the default rule. It's about the 'actual' firewall rules.

When I manually create a new firewall rule, logging is not enabled by default. I have to manually enable this.