
Allow any service from particular network? Currently ends in default drop

Dear all

I have created a new network "IoT".
It should become the home for all devices I don't trust in my network. Such as playstation, weather station, radio...

I would like to allow all outbound traffic from that particular IoT network. 
But currently all outbound traffic runs into a default drop on the firewall log.

The blocking happens with firewall rule #1 "IoT (Network) -> any -> External (Network)".
However, if I set firewall rule #1 to "IoT (Network) -> any -> Any", it is working.

Of course, if I set the allowed destination network to "Any Network", I have traffic in my regular network. This I would like to avoid.

Could somebody help me with it?


Kind regards

Novice



  • To clear something:

    Rule 1 should not exist, no traffic is going to External Wan but through.

    I don't get the question very clearly. Anyway, if you want traffic from one network and not from another, you should define different network ranges. Example: (1) 192.168.2.0/24 (2) 192.168.3.0/24. In this case an extra interface or VLAN is required.

    But let's not complicate things.

    Define those devices as hosts with IP addresses and maybe create a group "IoT" with those hosts.

    One rule at the top for the group "IoT" should be sufficient.

  • Thank you for the reply and kind help.

    I do have different network ranges 192.168.3.0/24 and 192.168.50.0/24. Both are on different VLANs.

    However, I have figured out meanwhile what was "wrong"... 
    I did test the setting by using ping. This doesn't seem to be affected by the firewall rules. It is managed under Firewall -> ICMP and takes precedence over the remaining firewall rules.
    So, no matter what I set on the firewall, I always got a ping response.

    Yes. facepalm.

    Greetings

    n3
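The two points made in the replies above, that a rule towards "External (Network)" does not cover Internet destinations and that a ping test is answered by the global ICMP setting before the packet rules are consulted, can both be shown with a small first-match rule evaluator. This is an added illustration, not Sophos code and not anything posted in the thread: the network objects are constructed (the WAN subnet 203.0.113.0/29 is an assumed value, and "External (Network)" is modelled as the WAN link's own subnet), and the ICMP precedence is modelled exactly as the last reply describes it. The "isolated" rule set goes one step beyond the thread and shows how to allow IoT outbound while keeping it out of the regular LAN: the drop rule for the LAN must sit above the allow-any rule, because the first matching rule wins.

```python
import ipaddress
from dataclasses import dataclass

# Constructed network objects modelled on the thread. "External (Network)" is
# modelled as the WAN interface's own subnet (assumed value, TEST-NET-3), which
# is why an Internet destination does not match it.
NETWORKS = {
    "IoT (Network)": ipaddress.ip_network("192.168.50.0/24"),
    "Internal (Network)": ipaddress.ip_network("192.168.3.0/24"),
    "External (Network)": ipaddress.ip_network("203.0.113.0/29"),  # assumed WAN subnet
    "Any": ipaddress.ip_network("0.0.0.0/0"),
}


@dataclass
class Rule:
    src: str
    service: str  # "any", "tcp/443", "icmp", ...
    dst: str
    action: str   # "allow" or "drop"


def _matches(obj: str, ip: str) -> bool:
    return ipaddress.ip_address(ip) in NETWORKS[obj]


def evaluate(rules, src_ip, dst_ip, service, icmp_setting_allows_ping=True):
    """Return (action, reason) for one packet.

    Ping is decided by the global ICMP setting before the packet rules are
    consulted (as the last reply describes), so a ping test says nothing about
    the rules. Everything else is first-match, falling back to a default drop.
    """
    if service == "icmp" and icmp_setting_allows_ping:
        return "allow", "global ICMP setting (precedes packet rules)"
    for n, rule in enumerate(rules, 1):
        if (_matches(rule.src, src_ip) and _matches(rule.dst, dst_ip)
                and rule.service in ("any", service)):
            return rule.action, f"rule #{n}: {rule.src} -> {rule.service} -> {rule.dst}"
    return "drop", "default drop"


# The poster's original rule: destination "External (Network)".
ORIGINAL = [Rule("IoT (Network)", "any", "External (Network)", "allow")]

# Allow IoT outbound but keep it out of the regular LAN: the drop for the LAN
# must come first, otherwise the allow-any rule would match LAN destinations too.
ISOLATED = [
    Rule("IoT (Network)", "any", "Internal (Network)", "drop"),
    Rule("IoT (Network)", "any", "Any", "allow"),
]

if __name__ == "__main__":
    iot_host = "192.168.50.20"          # constructed IoT device
    probes = [("198.51.100.10", "tcp/443"),   # Internet destination (TEST-NET-2)
              ("192.168.3.10", "tcp/445"),    # host on the regular LAN
              ("198.51.100.10", "icmp")]      # the ping test from the thread
    for name, rules in (("original", ORIGINAL), ("isolated", ISOLATED)):
        for dst, svc in probes:
            print(f"{name:9s} {dst:15s} {svc:8s} -> {evaluate(rules, iot_host, dst, svc)}")
```

Running it shows the original rule dropping the HTTPS probe (the Internet address is not inside the WAN subnet) while still answering the ping, and the isolated set allowing the HTTPS probe but dropping the SMB probe to the LAN at rule #1. Testing with a TCP or UDP service rather than ping is what actually exercises the packet rules.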