Firewall rules (ID's) out of order

Hello

I am adding and moving firewall rules, but from the list of firewall rules I see they are out of order. See attached screenshot.

Is this expected?



  • This may explain it better. I want to restrict a single device to be able to only connect to the internet on DNS and VPN and block all other access. This is failing for some reason: the block rule is inserting itself as rule 14, so my VPN access is pushed back to rule ID 15. I cannot change the order of the rule IDs even though I have placed the firewall rule higher.

     

    Can someone help/explain what's happening here?

  • The rule IDs have nothing to do with the rule order (yes, I know it sounds strange).

     

    The rules are processed from top to bottom, so in this case, first rule ID 13, then 15, and last rule ID 14.

     

    Why it's failing is hard to say without the rest of the rulebase and the IP of NAS2.

     

    My guess is that you have a rule that gets hit by the traffic before these ones. What does the firewall log say?

  • Hi,

    As mentioned by RickardNordahl, the rules are followed from top to bottom and have nothing to do with the rule number. The rule number is created as per the order of creation and is usually used for reference. If you are confused about which rule applies to a system's traffic, you may conduct a packet capture under Diagnostics and check which rule ID it traverses.
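
The top-to-bottom behaviour described in the two replies above, as an added example that is not part of the original thread and is not Sophos code. The rulebase is constructed (IDs 13, 15, 14 in display order, host NAS2, UDP 53 and UDP 1198 taken from the thread), and matching is simplified to source, protocol and destination port as an assumption; it also flags rules that can never fire because a rule above them covers all their traffic.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    rule_id: int          # assigned at creation; does not change when the rule is moved
    name: str             # hypothetical names, not from the thread
    src: str              # source host, or "any"
    proto: str            # "udp", "tcp" or "any"
    dport: Optional[int]  # destination port; None means any port
    action: str           # "accept" or "drop"

    def matches(self, src, proto, dport):
        return (self.src in ("any", src) and self.proto in ("any", proto)
                and self.dport in (None, dport))

def first_match(rulebase, src, proto, dport):
    """Walk the list top to bottom; the first matching rule decides."""
    for position, rule in enumerate(rulebase, start=1):
        if rule.matches(src, proto, dport):
            return position, rule.rule_id, rule.action
    return None, None, "default"

def covers(upper, lower):
    """True if every packet that matches `lower` also matches `upper`."""
    return (upper.src in ("any", lower.src) and upper.proto in ("any", lower.proto)
            and upper.dport in (None, lower.dport))

def shadowed(rulebase):
    """IDs of rules fully covered by a rule placed above them (they never fire)."""
    return [r.rule_id for i, r in enumerate(rulebase)
            if any(covers(up, r) for up in rulebase[:i])]

# Constructed rulebase in display order: position decides, not the ID.
RULEBASE = [
    Rule(13, "nas-dns", "NAS2", "udp", 53, "accept"),
    Rule(15, "nas-vpn", "NAS2", "udp", 1198, "accept"),
    Rule(14, "nas-block-all", "NAS2", "any", None, "drop"),
]
# Same rules sorted by ID, i.e. with the block rule above the VPN rule.
SORTED_BY_ID = sorted(RULEBASE, key=lambda r: r.rule_id)

if __name__ == "__main__":
    for label, rb in (("display order", RULEBASE), ("sorted by ID", SORTED_BY_ID)):
        print(label, first_match(rb, "NAS2", "udp", 1198), "shadowed:", shadowed(rb))
```
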

  • Hello

     

    Thank you for the reply. Here is an example of the firewall log. Any ideas why udp_1198 is being blocked on rule 14? I have permitted this port on the rule above, but Sophos has given this an ID of 15.

     

    Thank you
