
Firewall rules based on User Group Networks not working after upgrading to 9.501-5

Our system has one firewall rule that allows a group to access any service on the internet. The group is correctly configured with my user. This rule has not been working since upgrading to 9.501-5 last Friday.

If I add individual users in the firewall rule, I can successfully access all services.

I've already tried creating another group and adding it to the rule but it didn't work. I've tried with other users in the group as well. 

We use the authentication agent on the clients to log in. Other rules based on the groups are working (e.g. on the web filter).

I've attached some screens of the admin panel.

  • Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly.  Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file.  Please post one line corresponding to those above, and explain where the target IP is and what it is.

    Please explain what you do to get the "(User Network)" object to be populated with an IP - are they logging in to a VPN?

    Cheers - Bob

  • Hi Bob, thanks for the quick reply.

    BAlfson said:

    Please explain what you do to get the "(User Network)" object to be populated with an IP - are they logging in to a VPN?

    I have a user daniel.costa in Sophos UTM, and this user is in TI group. I use the Authentication Agent in my personal computer. Prior to 9.501-5, after I successfully authenticate, I was allowed access to services based on firewall rules that had TI group in it, as in my first screenshot, where you can see rule #3. (TI2 is another group that I created to force a refresh of the underlying rules, but it didn't work either).

    Web filter rules that are based on TI group work just as before. It seems to be a problem with the firewall module.

    BAlfson said:

    Please post one line corresponding to those above, and explain where the target IP is and what it is.

    In this case I'm trying to access an SSH server (IP address & MACs redacted):

    2017:06:20-19:05:24 firewall01 ulogd[5287]: id="2001" severity="info" sys="SecureNet" 
    sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1"
    outitf="eth0" srcmac="xx:xx:xx:xx:xx:xx" dstmac="xx:xx:xx:xx:xx:xx" srcip="192.168.0.102"
    dstip="177.71.xxx.xxx" proto="6" length="60" tos="0x00" prec="0x00" ttl="127" srcport="6444"
    dstport="22" tcpflags="SYN" 

    If I put my individual user in the firewall rule, then I can access everything. But as I said, prior to the update it was working based on the group.

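As an added example (not from the thread, and not Sophos code), here is a small parser for the ulogd packetfilter line format quoted above that tallies dropped TCP SYNs per firewall rule, source IP and destination port, so an admin can check from the full log whether a host's traffic is still hitting the drop rule after a rule change. The sample lines are constructed; addresses, the accept line and its id are placeholders, not values from a real system.

```python
import re
from collections import Counter

# Constructed sample lines in the Sophos UTM ulogd packetfilter format seen in
# the thread. Only the first line mirrors the quoted one; the others are
# placeholders so the tally has something to distinguish.
SAMPLE_LOG = """\
2017:06:20-19:05:24 firewall01 ulogd[5287]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcmac="xx:xx:xx:xx:xx:xx" dstmac="xx:xx:xx:xx:xx:xx" srcip="192.168.0.102" dstip="177.71.0.1" proto="6" length="60" tos="0x00" prec="0x00" ttl="127" srcport="6444" dstport="22" tcpflags="SYN"
2017:06:20-19:05:31 firewall01 ulogd[5287]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcmac="xx:xx:xx:xx:xx:xx" dstmac="xx:xx:xx:xx:xx:xx" srcip="192.168.0.102" dstip="177.71.0.1" proto="6" length="60" tos="0x00" prec="0x00" ttl="127" srcport="6445" dstport="22" tcpflags="SYN"
2017:06:20-19:05:40 firewall01 ulogd[5287]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="3" initf="eth1" outitf="eth0" srcmac="xx:xx:xx:xx:xx:xx" dstmac="xx:xx:xx:xx:xx:xx" srcip="192.168.0.55" dstip="177.71.0.1" proto="6" length="60" tos="0x00" prec="0x00" ttl="127" srcport="51000" dstport="443" tcpflags="SYN"
"""

# Syslog-style prefix: timestamp, hostname, program[pid], then key="value" pairs.
HEADER_RE = re.compile(r'^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[^:]+): (?P<kv>.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return a dict of the line's fields, or None if it is not a ulogd line."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "prog": m["prog"]}
    rec.update(KV_RE.findall(m["kv"]))  # every key="value" pair becomes a field
    return rec


def dropped_syns_by_rule(log_text):
    """Count dropped TCP SYNs keyed by (fwrule, srcip, dstport).

    A new connection attempt that lands on the drop rule instead of the
    intended allow rule shows up here; accepted packets and non-SYN drops
    are ignored so the tally reflects blocked connection attempts only.
    """
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec.get("action") != "drop":
            continue
        if rec.get("proto") == "6" and rec.get("tcpflags") == "SYN":
            counts[(rec["fwrule"], rec["srcip"], rec["dstport"])] += 1
    return counts


if __name__ == "__main__":
    for (rule, src, port), n in dropped_syns_by_rule(SAMPLE_LOG).items():
        print(f"fwrule={rule} srcip={src} dstport={port} dropped_syns={n}")
```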