Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 2 subscribers
  • Views 5102 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Flow sequence for Sophos UTM

sebastiny
Dear all

I've a question here and needed some answers. Can anyone tell me what is the traffic flow sequence in Sophos UTM? why i asked this is because I have a scenario where I need to block an IP from 3pm to 5 pm. 

- I turn on firewall rules to block this IP's traffic TOTALLY during 3 to 5 pm. 

- I turn on Web filtering for this IP for traffic which is for ALLOWED time

But web filtering will allow traffic for this IP even if firewall stated block!

The web filtering will override any blocking policy in firewall? isn't firewall rules suppose to be screened first before web filtering?


This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to Scott_Klassen
    Manually created firewall rules have the lowest precedence.  See rule #2 at https://community.sophos.com/products/unified-threat-management/astaroorg/f/51/t/22065.  Proxies have system created firewall rules that have a higher precedence than manually created ones.  It's not an override, the manually created ones are never checked, as the system created rule matches first.


    Why is it so? if it's as such, how can someone block total traffic of an IP during a certain timing without losing web filtering too? 

    I've been using Fortigate, all along nv met such issues before. Shouldn't lower layers get screen after the higher layers??
Children
No Data