This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

alll traffic passing from the default policy and not from the policies i created

Hi guys

i deployed sophos XG firewall and I created policies that matches the vlans in my network, knowing I gave port1 a static IP, and configured the Vlans as used in my network, the next step is to add polices, when adding new firewall policies and setting the xg firewall as a default gateway for the pc's the traffic is moving through rule number 1 (default policy) not from the policies I created, what could be the problem?

This thread was automatically locked due to age.

Parents

0 lferrara over 8 years ago

Omarababneh,

can you share your configuration?

Thanks
Cancel
Vote Up 0 Vote Down

Cancel

0 omarababneh over 8 years ago in reply to lferrara

ID 4
Web Filter: Default Workplace PolicyNAT Policy: MASQAV & AS Scanning: FTP, HTTP, HTTPSRouting Through Gateway: Load Balance
Accept any service going to "WAN" zone, when in "LAN" zone, and coming from "#Port1.64" network, decrypt and scan for malware , then apply log connections

64r[ ID : 5 ]
in 0 B, out 0 B
WAN
Any Host
LAN
#Port1.64
Any Service
Accept

ID 5
Routing Through Gateway: Load Balance
Accept any service going to "LAN" zone, when in "WAN" zone, and coming from any network

#Default_Network_Policy[ ID : 1 ]
in 4.36 GB, out 216.68 MB
LAN
Any Host
WAN
Any Host
Any Service
Accept

ID
1
Minimum Heartbeat : No Restriction
NAT Policy: MASQRouting Through Gateway: Load Balance
Accept any service going to "WAN" zone, when in "LAN" zone, and coming from any network

--------------------------------------------------------------------------------------------------------------------------------------------------------------

Port1 LAN , Physical	Connected 1000 Mbps - Full Duplex Auto-negotiated	192.168.0.7/255.255.255.0 Static
	Port1.10 LAN , VLAN	N/A N/A	172.16.0.10/255.255.240.0 Static
	Port1.16 LAN , VLAN	N/A N/A	172.16.16.10/255.255.240.0 Static
	Port1.32 LAN , VLAN	N/A N/A	172.16.32.10/255.255.240.0 Static
	Port1.48 LAN , VLAN	N/A N/A	172.16.48.10/255.255.240.0 Static
	Port1.64 LAN , VLAN	N/A N/A	172.16.64.10/255.255.240.0 Static

0 lferrara over 8 years ago in reply to omarababneh

Inside rule id 4, remove the port.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 lferrara over 8 years ago in reply to omarababneh

Inside rule id 4, remove the port.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 omarababneh over 8 years ago in reply to lferrara

i want to create different policies to each vlan
Cancel
Vote Up 0 Vote Down

Cancel
0 lferrara over 8 years ago in reply to omarababneh

If you have created the VLAN already, create additional Zone or use source network to apply rules per Vlan.

Show some screenshot
Cancel
Vote Up 0 Vote Down

Cancel
0 omarababneh over 8 years ago in reply to lferrara

the policy i created is between WAN zone and LAN zone which is under port 1 and it contains my VLANs under port1.16 1.32, 1.64....etc

and to the WAN zone, how can i create new zone and why?

the VLANs configuration is in my previous answers
Cancel
Vote Up 0 Vote Down

Cancel
0 lferrara over 8 years ago in reply to omarababneh

blogs.sophos.com/.../
Cancel
Vote Up 0 Vote Down

Cancel