Hello
I am adding and moving firewall rules, but in the list of firewall rules I see they are out of order. See the attached screenshot.
Is this expected?
This may explain it better. I want to restrict a single device so that it can only connect to the internet on DNS and VPN, and block all other access. This is failing: for some reason the block rule is inserting itself as rule 14, so my VPN access is pushed back to rule ID 15. I cannot change the order of the rule IDs even though I have placed the firewall rule higher.
The rule IDs have nothing to do with the rule order (yes, I know it sounds strange).
The rules are processed from top to bottom, so in this case first rule ID 13, then 15, and last rule ID 14.
Why it's failing is hard to say without the rest of the rulebase and the IP of NAS2.
My guess is that you have a rule that gets hit by the traffic before these ones. What does the firewall log say?
Hi,
As mentioned by RickardNordahl, the rules are followed from top to bottom and have nothing to do with the rule number. The rule number is created as per the order of creation and is usually used for reference. If you are confused about which rule applies to a system's traffic, you may conduct a packet picture under Diagnostics and check which rule ID it traverses.
Regards,
Aditya Patel
Global Escalation Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Hello all
Thank you for the replies. I have figured it out. My udp_1198 service had the src/dst port as 1198. I have altered it to source 1:65535 and destination port 1198.
This is now working.
Thanks again
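The two points from this thread, shown as an added example that is not part of any post and is not Sophos code: rules are matched in list position rather than by rule ID, and a service that pins the source port to 1198 never matches a client sending from an ephemeral port. The address, the mapping of rule 13 to DNS, the sample source port and the implicit default drop are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:
    proto: str
    src_ports: tuple  # inclusive (low, high)
    dst_ports: tuple  # inclusive (low, high)

    def matches(self, proto, sport, dport):
        return (proto == self.proto
                and self.src_ports[0] <= sport <= self.src_ports[1]
                and self.dst_ports[0] <= dport <= self.dst_ports[1])

@dataclass(frozen=True)
class Rule:
    rule_id: int     # creation-order label, not a priority
    action: str      # "accept" or "drop"
    src_host: str
    services: tuple  # empty tuple means "any service"

    def matches(self, src, proto, sport, dport):
        if src != self.src_host:
            return False
        return not self.services or any(
            s.matches(proto, sport, dport) for s in self.services)

def evaluate(rulebase, src, proto, sport, dport):
    """Return (rule_id, action) of the first matching rule in list order."""
    for rule in rulebase:  # list position decides, rule_id is ignored
        if rule.matches(src, proto, sport, dport):
            return rule.rule_id, rule.action
    return None, "drop"    # assumed implicit default drop

ANY = (1, 65535)
DNS = Service("udp", ANY, (53, 53))
VPN_BROKEN = Service("udp", (1198, 1198), (1198, 1198))  # src and dst both 1198
VPN_FIXED = Service("udp", ANY, (1198, 1198))            # src 1:65535, dst 1198
NAS = "192.0.2.10"  # constructed address for the restricted device

def rulebase(vpn_service):
    # Listed top to bottom as IDs 13, 15, 14 (13 = DNS is an assumption).
    return [Rule(13, "accept", NAS, (DNS,)),
            Rule(15, "accept", NAS, (vpn_service,)),
            Rule(14, "drop", NAS, ())]

# Constructed packet: VPN client sending from ephemeral source port 51514.
print(evaluate(rulebase(VPN_BROKEN), NAS, "udp", 51514, 1198))  # hits the block rule
print(evaluate(rulebase(VPN_FIXED), NAS, "udp", 51514, 1198))   # hits the VPN rule
```

With the original service definition the VPN packet skips rule 15 and lands on the block rule, which is what a firewall log or packet capture showing rule ID 14 for that traffic would indicate.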
Hi Requiem
Thank you for the update. So you have understood how the rules work and how to troubleshoot them.
Regards,
Aditya Patel
Yes, I am new to Sophos, coming from an old Cisco ASA5505, so I'm very much new and still learning.
Thank you again for your time and assistance, all