
Strange behavior on firewall

Hi

I have an appliance running as a test in my homelab with 4 network ports.

Two are configured as LAN.

When I make a rule for http, https and tcp 3218 and Web enabled the internet connection of a system running on 10.10.11.115 and using 10.10.11.254 gateway.

When I open a site like: www.nu.nl or www.telegraaf.nl it works without an issue.

But when I change the source from LAN - ANY to LAN - port D I get issues.

When I open the websites, it tells me there is a certificate error and I get a blocked page?

When changing the rule back from LAN - ANY it works again ...

 



  • Hi,

    I will take a guess: port D only goes to the 10 network and nothing else, and what you are seeing is really a mis-classification instead of a network unreachable error.

     

    Ian

     

    fixed spelling error.

  • Show me what a rule should look like when I have a system with IP 10.10.11.115 that has gateway 10.10.11.254 (Sophos port D) to the internet.

    LAN port A has 172.16.16.16 as address so that should be excluded.

  • Basically the rule should be any zone (source) -> any host -> any zone (destination) -> any host -> any service, because you are using the proxy.

    The gateway would be part of your config on port D so going to any host in the destination zone will use the correct gateway.

    Why are you using http and https when they are part of the 3128 proxy?

    What rule does your UTM, are you using the http proxy and in what mode?

    Do you have the proxy set up on your PC?

     

    Ian

  • Hi

    My Sophos works in gateway mode. I did add http, https like in the example of the Sophos help page.

    I did remove http and https and it still works.

    But I cannot make a rule that only allows subnet 10.10.11.x that's connected to port D to access the internet. It only works if ANY-ANY is used.
