[9.186][QUESTION] Filter Profiles questions

Been trying to wrap my haed around filter profiles in its new form. Here are a few questions.
1. Are the rules read in order?
I ask this since I can create a set of policies. Lets say 3 policies. First policy would be defined with specific internal hosts and approriate filter policies. Second policy would be for the entire internal network using edir sso. All works well at this point. Add a third rule for EP clients. I specify the ep client group under allowed ep groups. This does not see to work. If I add the machine into allowed nertworks it will work. that is for internal. If I add any to allowed networks than it overrides every rule prior, but the rule works. What am I not understanding about this process.

Thanks

Parents

0 warper over 11 years ago

Hi Michael,
Here is what I see when I click open ep live log
2013:12:16-14:32:27 astaro epsecd[5303]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2013:12:16-14:32:27 astaro epsecd[5303]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="3722159"
2013:12:16-14:33:20 astaro epsecd[5303]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2013:12:16-14:33:20 astaro epsecd[5303]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="3722159"
2013:12:16-14:34:13 astaro epsecd[5303]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2013:12:16-14:34:13 astaro epsecd[5303]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="3722159"
2013:12:16-14:35:06 astaro epsecd[5303]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2013:12:16-14:35:06 astaro epsecd[5303]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="3722159"
2013:12:16-14:36:54 astaro epsecd[5303]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2013:12:16-14:36:55 astaro epsecd[5303]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="3722159"
2013:12:16-14:37:48 astaro epsecd[5303]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2013:12:16-14:37:48 astaro epsecd[5303]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="3722159"
2013:12:16-14:38:41 astaro epsecd[5303]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2013:12:16-14:38:41 astaro epsecd[5303]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="3722159"
2013:12:16-14:39:34 astaro epsecd[5303]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2013:12:16-14:39:34 astaro epsecd[5303]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="3722159"

the /var/log/eplog.log is empty

My UTM id is: 18375d81-281f-3081-8ef9-5c1e8f8e15e0

Thank you
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 warper over 11 years ago

Hi Michael,
Here is what I see when I click open ep live log
2013:12:16-14:32:27 astaro epsecd[5303]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2013:12:16-14:32:27 astaro epsecd[5303]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="3722159"
2013:12:16-14:33:20 astaro epsecd[5303]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2013:12:16-14:33:20 astaro epsecd[5303]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="3722159"
2013:12:16-14:34:13 astaro epsecd[5303]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2013:12:16-14:34:13 astaro epsecd[5303]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="3722159"
2013:12:16-14:35:06 astaro epsecd[5303]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2013:12:16-14:35:06 astaro epsecd[5303]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="3722159"
2013:12:16-14:36:54 astaro epsecd[5303]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2013:12:16-14:36:55 astaro epsecd[5303]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="3722159"
2013:12:16-14:37:48 astaro epsecd[5303]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2013:12:16-14:37:48 astaro epsecd[5303]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="3722159"
2013:12:16-14:38:41 astaro epsecd[5303]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2013:12:16-14:38:41 astaro epsecd[5303]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="3722159"
2013:12:16-14:39:34 astaro epsecd[5303]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2013:12:16-14:39:34 astaro epsecd[5303]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="3722159"

the /var/log/eplog.log is empty

My UTM id is: 18375d81-281f-3081-8ef9-5c1e8f8e15e0

Thank you
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data