
Outgoing country block rule not working

XGS6500 (SFOS 19.0.1 MR-1-Build350)

I have incoming and outgoing rules to block traffic from certain countries, both are the same (with source and destination swapped). Incoming block works, outgoing doesn't seem to trigger. I get the same result from policy tests, any outgoing traffic to an IP that triggers the incoming rule just says there was no matching rule.

Anything obviously wrong here or is there something I'm not aware of?

This thread was automatically locked due to age.
  • Hello there,

    Thank you for contacting the Sophos Community.

    Most likely you have another Firewall Rule for the outbound traffic that is taking precedence over the one you are showing us.

    Try creating a rule with:

    Source Zone: LAN
    Source Network: Any
    Destination Zones: WAN
    Destination Networks: Belarus, China, Russian Federation

    And make sure you put this at the very TOP.

    Regards,

    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • I have it configured as you suggest. If there was a rule taking precedence it would surely show in the policy test.

  • So you're saying this rule shows up as the one in the policy test (and the logs) but it's not doing what you want it to do? It sounded like your problem was that the rule wasn't firing and some other rule was letting the traffic through. (It can't be that no rule is matching, in which case the traffic would not get through.)

  • OK, maybe I need to be a bit clearer. There is no 'overriding' rule as there's nothing above it, but the traffic is still getting out on one of the other rules further down the list and I don't know why. If I policy test on incoming from a Chinese IP, say, it gets blocked by the incoming country rule. If I policy test on outgoing to that IP it says blocked, but No matched rule. However the traffic is getting out, almost as if the IP isn't recognised as being part of China, but on the incoming policy test it is.

  • OK, that's important. So you're saying that in both cases, when you do a policy test, the packet is dropped or rejected (which?), those are the two options for blocking. In the incoming case, it's dropped and attributed to your incoming rule, in the outgoing case it's also dropped but evidently because no rule matches (i.e. no rule is attributed). Is that correct?

  • Correct.

    Outgoing blocked:

    Incoming dropped:

  • I have my source zones as DMZ, LAN, VPN, & WAN,

    Source Networks ANY

    Destination Zones WAN

    Destination Networks (countries to block in a group)

    I have this as the first rule, and a second rule is configured to block inbound.
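To make the first-match ordering behind the "put it at the very top" advice and the last poster's configuration concrete, here is an added example (not Sophos code; the CIDR-to-country map is constructed sample data, not a real GeoIP database) that models a top-down rule table with zone and country-group criteria. It shows the inbound and outbound cases, what happens when a general LAN-to-WAN allow sits above the country block, and the "No matched rule" result when the destination address does not resolve into the blocked country group:

```python
import ipaddress

# Constructed CIDR -> country map (example data, not a real GeoIP database).
GEO = {
    "203.0.113.0/24": "China",
    "198.51.100.0/24": "Russian Federation",
    "192.0.2.0/24": "United States",
}
BLOCKED = {"Belarus", "China", "Russian Federation"}  # the country group from the thread

def country_of(ip):
    """Return the GEO country containing ip, or None when the address is unknown."""
    addr = ipaddress.ip_address(ip)
    return next((c for cidr, c in GEO.items() if addr in ipaddress.ip_network(cidr)), None)

def net_matches(spec, ip):
    """spec is 'Any' or a set of country names (a country group)."""
    return spec == "Any" or country_of(ip) in spec

def rule_matches(rule, pkt):
    return (pkt["src_zone"] in rule["src_zones"] and pkt["dst_zone"] in rule["dst_zones"]
            and net_matches(rule["src_net"], pkt["src_ip"])
            and net_matches(rule["dst_net"], pkt["dst_ip"]))

def policy_test(rules, pkt):
    """Top-down, first match wins; traffic that matches no rule is dropped."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule["action"], rule["name"]
    return "drop", "No matched rule"

OUT_BLOCK = {"name": "Block outbound to countries", "src_zones": {"LAN", "DMZ", "VPN"},
             "src_net": "Any", "dst_zones": {"WAN"}, "dst_net": BLOCKED, "action": "drop"}
IN_BLOCK = {"name": "Block inbound from countries", "src_zones": {"WAN"},
            "src_net": BLOCKED, "dst_zones": {"LAN"}, "dst_net": "Any", "action": "drop"}
LAN_OUT = {"name": "LAN to WAN allow", "src_zones": {"LAN"}, "src_net": "Any",
           "dst_zones": {"WAN"}, "dst_net": "Any", "action": "accept"}

def demo():
    """Same packets against different orderings: blocks at the top vs. below a general allow."""
    inbound = {"src_zone": "WAN", "src_ip": "203.0.113.10", "dst_zone": "LAN", "dst_ip": "10.0.0.5"}
    outbound = {"src_zone": "LAN", "src_ip": "10.0.0.5", "dst_zone": "WAN", "dst_ip": "203.0.113.10"}
    top = [OUT_BLOCK, IN_BLOCK, LAN_OUT]  # country blocks at the very top
    return {
        "inbound_top": policy_test(top, inbound),
        "outbound_top": policy_test(top, outbound),
        "outbound_below_allow": policy_test([LAN_OUT, OUT_BLOCK, IN_BLOCK], outbound),
        # destination not in the country group: nothing matches, so the test reports no rule
        "outbound_unknown_geo": policy_test([OUT_BLOCK], {**outbound, "dst_ip": "192.0.2.7"}),
    }
```

A real firewall consults its own GeoIP data for the country-group membership, so checking which country the appliance resolves the destination IP to is the first thing to verify when an outbound country rule reports no match.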
