Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 27 subscribers
  • Views 318 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Drop rule shows Accepted traffic in firewall AND proxy.

pablol

Referencing this: https://community.sophos.com/sophos-xg-firewall/f/discussions/125695/bug-drop-rule-reporting-allowed-connection-in-logs

And this: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Logs/LogViewer/Logsbehavior/index.html

And there are many others...

I understand that when proxy is enabled, and you drop traffic, it will be accepted by the firewall but rejected by the proxy...

I do not always see this case and I am wondering why..

The rule in question is:

Simple drop rule.

It is located here:

Note rule #19 is the rule in question.

As expected, the firewall log shows accepted traffic:

But when I go to the web filter

( )

I see this:

Note that both are rule 19, but some are allowed and some denied.

You can see the detailed info of an allowed packet:

and one of a denied one:

I see the allowed one has an exception, but my rule has none. I am trying to understand how this specific rule is being evaluated.

Thanks for your help



This thread was automatically locked due to age.
  • 0

    Hi,

    there are default exceptions in the web tab which could be affecting your rule behaviour.

    I was given an explanation for this behaviour and was not happy with it. Does the connection actually occur?
    ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

Cookie Information Banner