WebAdmin does this automatically when you assign a default gateway to the WAN interface. What problem were you having that you wanted to create a separate rule?
Last Wednesday we try to reconfigure again firewall configuration as below, UTM are able to access untill their data center & Internet but internal user didn't.
Routing should be no issue because for the testing I'm using the same configuration with their current firewall fortigate 300c.
Does masquerade rule will cause this issue since like I mention UTM can ping untill external which go through their data center with another firewall for internet access.
I manage performed simulation test at customer site which is same configuration and issue that encounter when case logged.
We have configured simulation test for failed access branch from external and found that Sophos drop ICMP from external to branch internal network, please refer attachment for simulation result for reference. Thanks
The big difference in ping behavior with the new version is that you need a manual firewall rule to allow pings arriving on an interface with a default gateway.
I'll revert back once tested again at office tomorrow using same simulation method, if ping required manual firewall rule Sophos should provide information at ICMP option which from my understanding once all option is selected and firewall rule is set any2any all traffice should pass through [:S]. Thanks
Yes, the settings on the ICMP tab applied to traffic in both direction before V9. Now, they apply only to traffic that originates "inside" the UTM, not traffic from "outside" your LANs.
Cheers - Bob
Sorry for any short responses. Posted from my iPhone.
