Referencing this: https://community.sophos.com/sophos-xg-firewall/f/discussions/125695/bug-drop-rule-reporting-allowed-connection-in-logs
And there are many others...
I understand that when proxy is enabled, and you drop traffic, it will be accepted by the firewall but rejected by the proxy...
I do not always see this case and I am wondering why..
The rule in question is:
Simple drop rule.
It is located here:
Note rule #19 is the rule in question.
As expected, the firewall log shows accepted traffic:
But when I go to the web filter
(
)
I see this:
Note that both are rule 19, but some are allowed and some denied.
You can see the detailed info of an allowed packet:
and one of a denied one:
I see the allowed one has an exception, but my rule has none. I am trying to understand how this specific rule is being evaluated.
Thanks for your help
This thread was automatically locked due to age.
