Noob on utm

Hello Raz,

welcome! What you can do is simply try things out and watch the Firewall "Live Log" under "Network protection". You can learn from there, which traffic is caused by your internal devices und what you should do to allow some of the traffic it blocks. The next important thing is DNS and DNS-forwarding, follwed by NAT-rules ("Masquerading") for your internal clients to be abel to reach the internet.

I highly recommend the "Rulz" BAlfson has put together over the years, see this link: https://community.sophos.com/products/unified-threat-management/f/general-discussion/22065/rulz

Even if you don't understand all that is described there, you can just pick them one after the other to get things going.

Good luck!

Hello Raz,

welcome! What you can do is simply try things out and watch the Firewall "Live Log" under "Network protection". You can learn from there, which traffic is caused by your internal devices und what you should do to allow some of the traffic it blocks. The next important thing is DNS and DNS-forwarding, follwed by NAT-rules ("Masquerading") for your internal clients to be abel to reach the internet.

I highly recommend the "Rulz" BAlfson has put together over the years, see this link: https://community.sophos.com/products/unified-threat-management/f/general-discussion/22065/rulz

Even if you don't understand all that is described there, you can just pick them one after the other to get things going.

Good luck!

Thank you.

I will try to understand the rules :)

And BTW Sophos rules even for a newb it look like is having huge potentials as soon as u get to understand it

Geiasou Raz and welcome to the UTM Community!

You will also want to consider the general approach of DNS best practice.

Cheers - Bob
PS Thanks, Philipp, for the vote of confidence!

Iv read the rules but still not able to do what I want :(

From web filtering logs I get 

url="https://de.api.io.mi.com/" referer="" error="" authtime="0" dnstime="8" aptptime="207" cattime="0" avscantime="0" fullreqtime="172408" 

and I'm totally lost :(

I have a bunch of Xiaomi IoT in my network environment.  Its a bit tricky to get it to work.  The way I do it to initially assigned an IP address based on the MAC address and setup a FW rule for outbound traffic and open FW live log to see what port needs to open.  After your IoT is connected, then locked it down to that specific port.  Takes some time to get use to. 

I have all my Xiaomi IoT in a separate network from my Internal LAN

BTW, I have Xiaomi (gateway, door/window sensor, smart light, universal remote, air filter, etc..)

Good Luck

Dear Patrick

First of all thank you so much for taking the time to answer to my post.

Each IOT in my network is having an static IP but still no luck.

I start thinking that my tplink is against xiaomi :)

Will you be so kind and give me a live example (cuz I got my ears stuck on the xiaomi )

P.S. I have the same

QUOTE

"BTW, I have Xiaomi (gateway, door/window sensor, smart light, universal remote, air filter, etc..)

and since utm they are off :(

Best

Raz

all my Xiaomi is going out on UDP port 8053.  Noticed I don't have all my sensors included in the FW rule, because they communicate directly with the gateway.

Raz, please post the entire Web Filtering log line corresponding to what you posted about 3-1/2 hours ago.  If you prefer, obfuscate IPs like 84.XX.YY.121, 10.X.Y.100, 192.168.X.200 and 172.2X.Y.51.  That lets us see immediately which IPs are local and which are identical.

Cheers - Bob

2019:12:13-19:08:26 sophos httpproxy[12276]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.x.x" dstip="35.157.42.148" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5652" request="0xd061ce00" url="https://de.api.io.mi.com/" referer="" error="" authtime="0" dnstime="51135" aptptime="166" cattime="229" avscantime="0" fullreqtime="250497" device="0" auth="0" ua="" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware" country="Germany"

Thank you for your time.

Looks like i'm under noob level cuz I can't manage to make it work.

I made a group for my xiaomi devices and with UDP allow I'm still not able to reach them.

Post your FW live log and narrow to the IP address of your gateway similar to example below