Hi,
When a network object is used as an IP pool object for SSL VPN and you try to delete it, you can't delete it. Error message: "One of the values you entered is syntactically or logically incorrect". See also: https://community.sophos.com/products/unified-threat-management/astaroorg/f/91/t/66251.
HOWEVER: If that network object is used in a packet filter rule, strange things can happen. Unfortunately I cannot reproduce it accurately as it does not happen every time, just once in a while.
What happens:
1.) All Rules with that object will be deleted without warning, although the object is NOT deleted. INFO: Happens just once in a while, hard to reproduce.
2.) All Rules where that object is the source AND destination object (e.g. in bridge mode), will be deleted without any warning, although the object is NOT deleted. INFO: This happens almost every time.
How to reproduce:
1.) Create an object "ssl_pool": 10.1.1.0/24
2.) Add it as SSL VPN IP Pool.
3.) Add a packet filter rule: From: ssl_pool, To: ssl_pool, Service: any, accept.
4.) Try to delete the object: ssl_pool.
You will see the error message I mentioned above and the object stays there untouched. Now go to the packet filter rules and you will find the rule you added at step 3.) has been deleted.
Could be considered a bug, even though a very strange one and only critical in rare situations (e.g. bridge mode). However, maybe there is a general bug in the code that could do more harm. As I mentioned, even the rules where the object was used only in source OR dest have been deleted "SOMETIMES"...
==> UPDATE: This seems to be a "display" problem. Reloading the mask does not get the rules back, however, a logout/login sequence solves the "problem". The deleted rules are back!
Thanks!