
LAN to WAN Rule - Restrict by Port and IP Address

Happy Monday Everyone!

I have created a User/Network LAN to WAN rule for our new cloud hosted IP phone system. The rule works when I have any LAN to any WAN as the networks but I want to restrict by TCP/UDP Ports and IP address(es). I have attached a screenshot of the rule for reference.

Again, when I remove the WAN IP addresses, the rule works. I have run into this issue with most of my other rules, in that I have to leave them as ANY, because when I lock them down by IP, or even by the network port on the XG appliance, the rules don't work.

What am I doing wrong? Thanks in advance!



  • Hi Ryan,

    As per the snaps provided, it would seem you have configured the rule correctly. To verify the rule, please SSH to the appliance and go to the console via option 4. Type the command: tcpdump 'host <WANIP> and port <PORT>'. Here WANIP would be the host address you have configured in the destination, and PORT would be the service added to that rule.
    Test the connection from your LAN system and monitor the packet flow to see whether it went out from the WAN interface or not. Furthermore, you may also capture the packets via Packet Capture, i.e. System > Diagnostics > Packet Capture, and check whether the packet is forwarded or not.

    You may DM me the logs from the packet capture and SSH. For more information on tcpdump, kindly refer to the KB article https://community.sophos.com/kb/en-us/115343

    Thanks and Regards

    Aditya Patel | Network and Security Engineer.

  • I am having the same issue. I have created a rule like the one below; it does not work, everything is blocked.

    But if I change Source Network and Device to ANY, it works.

    Source         Source Network and Device      Schedule
    LAN            Port3                          All the time
                   Port3.10

    Destination    Destination Network            Service
    WAN            Any                            http
                                                  https

  • Having the port as Source, it seems that the traffic is not considered. If you remove the Port from Source Network and add the Devices (IP, IP range), the rule works with no issue.

    Why do you need to use Port inside Source Network?

  • Hey Luk,

    After further trial and error and discussion with the Sophos Support Engineer, the incorrect source port is the reason why the rule was getting skipped. When I inserted a * into the source port and looked at the traffic again, the rule was working as intended.

    Thanks again everyone!
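
Why a fixed source port makes a rule get skipped, as an added illustration that is not part of this thread and is not Sophos code: a minimal model of the LAN-to-WAN rule discussed above, with a source network, destination WAN host(s), a service (protocol plus destination port) and a source-port field that is either '*' or a fixed number. The provider address 203.0.113.10 and the UDP 5060 service are placeholders chosen for the example; the thread names neither. Clients pick a random ephemeral source port for every connection, so only the destination side of a flow is predictable: a rule that pins the source port accepts essentially none of the real traffic, while '*' accepts all of it, with the destination IPs and service still locked down.

```python
"""Model of a LAN-to-WAN firewall rule, to show why pinning the *source*
port skips real traffic while '*' (any) matches it.

Added example for illustration; it is not Sophos code and does not model
the XG rule engine beyond the fields discussed in the thread.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
import random


@dataclass(frozen=True)
class Flow:
    """One packet/connection as seen by the firewall (5-tuple)."""
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    """Rule fields from the thread: source network, destination WAN
    host(s), service (proto + destination port) and a source-port field."""
    src_nets: tuple      # CIDR strings, e.g. ("192.168.10.0/24",)
    dst_hosts: tuple     # WAN IPs; ("*",) means Any
    services: tuple      # (proto, dst_port) pairs
    src_port: str        # "*" for any, or a fixed port number as a string


def rule_matches(rule: Rule, flow: Flow) -> bool:
    """Return True if every field of the rule accepts the flow."""
    if not any(ip_address(flow.src_ip) in ip_network(n) for n in rule.src_nets):
        return False
    if "*" not in rule.dst_hosts and flow.dst_ip not in rule.dst_hosts:
        return False
    if (flow.proto, flow.dst_port) not in rule.services:
        return False
    # The field that bit in the thread: a fixed source port only matches
    # flows whose client happened to use exactly that port.
    if rule.src_port != "*" and int(rule.src_port) != flow.src_port:
        return False
    return True


def ephemeral_flows(n: int, dst_ip: str, proto: str, dst_port: int, seed: int = 1) -> list:
    """Constructed sample traffic: a LAN phone talking to the provider.
    Each connection gets a random ephemeral source port (IANA range
    49152-65535); only the destination port is fixed."""
    rng = random.Random(seed)
    return [Flow(proto, "192.168.10.25", rng.randint(49152, 65535), dst_ip, dst_port)
            for _ in range(n)]


def match_rate(rule: Rule, flows: list) -> float:
    """Fraction of the flows the rule would accept."""
    return sum(rule_matches(rule, f) for f in flows) / len(flows)


# Placeholder values, not from the thread: a provider WAN IP from the
# documentation range and SIP signalling on UDP 5060 as the service.
PROVIDER_IP = "203.0.113.10"
SERVICE = ("udp", 5060)
SAMPLE_FLOWS = ephemeral_flows(200, PROVIDER_IP, *SERVICE)

# The same rule twice; only the source-port field differs.
FIXED_RULE = Rule(("192.168.10.0/24",), (PROVIDER_IP,), (SERVICE,), "5060")
WILDCARD_RULE = Rule(("192.168.10.0/24",), (PROVIDER_IP,), (SERVICE,), "*")

if __name__ == "__main__":
    print(f"source port 5060: {match_rate(FIXED_RULE, SAMPLE_FLOWS):.0%} of flows matched")
    print(f"source port *   : {match_rate(WILDCARD_RULE, SAMPLE_FLOWS):.0%} of flows matched")
```

The destination host and service checks are what the original poster wanted to keep tight, and they stay tight in WILDCARD_RULE; only the source-port field is opened up. The same reasoning applies to the tcpdump filter from the earlier reply: 'host <WANIP> and port <PORT>' matches on the provider address and the service port, not on the client's ephemeral port, which is why it shows the traffic regardless of the source port the phone chose.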
