Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 3267 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Why Business Rules allow Servers to Bypass malware scanning?

Cameron Savage

Ok, when I create a business rule to publish a port range for example 10 - 50 TCP or whatever, redirect to a protected 'server'; with reflexive rule created on; that 'server' now can browse the internet without having HTTPs/HTTP inspected.  This seems to apply to any server that has been published.  If you move the network access rule that requires http/https malware inspection above the business rule it seems to break the business rule.  Is this behavior expected?



This thread was automatically locked due to age.
Parents
  • 0

    Cameron,

    Why do you need to open these ports from WAN to LAN and LAN TO WAN?

    If you are publishing a web server, you should allow only those services from WAN to LAN. Do not use reflexive rule.

    For the Web server (LAN TO WAN), allow only required traffic (for example HTTP and HTTPS). Malware scanning works only for HTTP, HTTPS and FTP and not for other protocol.

    Thanks

Reply
  • 0

    Cameron,

    Why do you need to open these ports from WAN to LAN and LAN TO WAN?

    If you are publishing a web server, you should allow only those services from WAN to LAN. Do not use reflexive rule.

    For the Web server (LAN TO WAN), allow only required traffic (for example HTTP and HTTPS). Malware scanning works only for HTTP, HTTPS and FTP and not for other protocol.

    Thanks

Children
No Data