Sophos Firewall

Discussions How to log all firewall traffic coming from WAN

Sophos Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 4 replies
Subscribers 26 subscribers
Views 10341 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to log all firewall traffic coming from WAN

DrMeskon over 8 years ago

Hi,

i want to log all traffic (even if it do not match any rule) coming from WAN. How can I do that?

Firewall is XG which is running on CR50iNG (SFOS 16.05.3 MR-3) C16213132564-B42RR2

This thread was automatically locked due to age.

0 DrMeskon over 8 years ago

Ok, I found feature: diagnostics -> packet capture.
I'm looking for ip 1.1.1.1

See pic:

My wan ip let's say is 2.2.2.2. Why it is showing rule ID as 1? Because my rule 1 is VPN. WTF

IP 10.10.x.x is local pc for which i want to allow all traffic from 1.1.1.1
Cancel
Vote Up 0 Vote Down

Cancel
0 DrMeskon over 8 years ago in reply to DrMeskon

Ok, i found that rule 1 is not first rule in list, but it's ID is 1.
So then how to allow all traffic from specific IP (let's say 1.1.1.1) to my internal network pc (10.10.x.x). Should I use DNAT as in picture:

Because it is not matching anything
Cancel
Vote Up 0 Vote Down

Cancel
0 lferrara over 8 years ago in reply to DrMeskon

Almis,

you need to create a DNAT to forward external packets directed to WAN servers to internal Server using port and address translation.

If the rule is never hit, you are doing something wrong.

Pay attention with Source, destination and forward to.

On Sophos Website you can find how to create a DNAT.

Regards
Cancel
Vote Up 0 Vote Down

Cancel
0 DrMeskon over 8 years ago in reply to lferrara

Hi,
i just want to allow all traffic from particular IP so that similar issues like this won't appear:
Cancel
Vote Up 0 Vote Down

Cancel