Firewall groups - How do you do yours?

Just a quick discussion to see if I/we can pick up any tips on arranging firewall rules.

I generally create groups per interface and then add a global group as well (not that there is much that goes in it).

So at a minimum, I would have:

WAN
LAN
GLOBAL

And rules are based on source, e.g. rules coming from LAN would go in the LAN group, those coming from the internet go into the WAN group, and the GLOBAL group is for a rule that applies to ALL interfaces.

Now when you start getting up to multiple WANs, DMZs & LANs, it is a great help and I generally never add a rule without it being classified. I also try and shy away from the automatic rules too.

Anybody have any other way of doing this?


  • That looks good, Louis.  About 25% of the rules I initially create are in the 'Tests' group.  They are sprinkled throughout the rule list to make it easier for me to make changes and run tests without renumbering the rules.  Of course, these rules are disabled when not testing.  I will move one to a different group when I want to keep it enabled, so the number of test rules diminishes over time.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Like the idea of a TEST group. I might just add it too, knowing that the rules within are disabled.

    One thing that did catch me out working this way was that once you start this, you need to ensure that your rules are all grouped. The ALL rules list was far too long and, as I had grouped various rules, I used that drop down. Problem was, initially, there were a few rules that weren't grouped and I was scratching my head because I could see them... until I switched to ALL rules. Maybe there should be an un-grouped group in the default drop down?
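The per-interface grouping scheme from the opening post (source interface decides the group, GLOBAL for rules that apply everywhere, a Tests group whose rules stay disabled) and the ungrouped-rule pitfall from the last reply can both be checked mechanically. The script below is an added example for this thread, not Sophos code and not something any poster contributed. It assumes a rule export in the constructed shape shown (fields id, name, group, source, enabled), which is not the UTM's own export format, so the loader would need adapting to a real export; the function names are the example's own.

```python
"""Audit a firewall rule list against a per-interface grouping convention.

Added example for the thread; the rule records below are constructed and
the field layout is an assumption, not Sophos's export format.
"""
from collections import Counter

# Constructed sample export: each rule carries the group it was filed under
# and the source interface it matches on.
SAMPLE_RULES = [
    {"id": 1, "name": "LAN to internet", "group": "LAN",    "source": "LAN", "enabled": True},
    {"id": 2, "name": "Inbound web",     "group": "WAN",    "source": "WAN", "enabled": True},
    {"id": 3, "name": "Drop bogons",     "group": "GLOBAL", "source": "ANY", "enabled": True},
    {"id": 4, "name": "Test VPN path",   "group": "Tests",  "source": "LAN", "enabled": True},
    {"id": 5, "name": "Old printer",     "group": "",       "source": "LAN", "enabled": True},
    {"id": 6, "name": "DMZ mail out",    "group": "LAN",    "source": "DMZ", "enabled": True},
]


def audit_rules(rules, test_group="Tests", global_group="GLOBAL"):
    """Return rule ids that break the convention, keyed by finding type.

    ungrouped     - no group at all (invisible when filtering by group)
    enabled_tests - rule in the Tests group left enabled
    misfiled      - group does not match the rule's source interface, or a
                    GLOBAL rule that is bound to a single interface
    """
    findings = {"ungrouped": [], "enabled_tests": [], "misfiled": []}
    for rule in rules:
        group = (rule.get("group") or "").strip()
        if not group:
            findings["ungrouped"].append(rule["id"])
            continue
        if group == test_group:
            if rule["enabled"]:
                findings["enabled_tests"].append(rule["id"])
            continue
        if group == global_group:
            # Assumption: a GLOBAL rule should match any source, not one interface.
            if rule["source"] != "ANY":
                findings["misfiled"].append(rule["id"])
            continue
        if rule["source"] != group:
            findings["misfiled"].append(rule["id"])
    return findings


def group_counts(rules):
    """Count rules per group so an oversized or empty group stands out."""
    return Counter((r.get("group") or "").strip() or "<ungrouped>" for r in rules)


def report(rules):
    """Human-readable summary of the audit for a quick review."""
    lines = []
    for group, n in sorted(group_counts(rules).items()):
        lines.append(f"{group:<12} {n} rule(s)")
    for kind, ids in audit_rules(rules).items():
        if ids:
            lines.append(f"{kind}: rule ids {ids}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_RULES))
```

Run against the sample, the audit flags rule 5 as ungrouped (the case that hid rules from the per-group drop down), rule 4 as an enabled test rule, and rule 6 as filed under LAN although its source is DMZ; running it after each change keeps the group view trustworthy.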