Good Morning,
I'm looking for a way to disable the logging of dropped packets originating from internal hosts. We use our Sophos UTM device in bridged mode behind a Cisco ASA firewall for IPS purposes. The Sophos UTM does have an IP address that is used for WebAdmin functionality.
We have another software product that runs port scans on internal hosts to check to see which services they run. This alternative software product will regularly scan the Sophos IP, and the Sophos UTM device will drop these packets and log them in the firewall logs. We want to be able to clean up these false positive packet drops to because it will make the auditors happy.
As of now within Firewall rules I have a Drop rule from the probe device to the Sophos UTM device positioned at the top of the rules and I did not select the log packets option. Beneath that I have an allow from Any to Any with the log option turned off. However I still see these packets being dropped.
Does anyone else use their Sophos UTMs in bridged mode who have came across this? Even if I could filter this specific probe host from being logged that would be great. It seems like I've exhausted my options from the GUI so it may need to be something from the Shell?
If anyone has suggestions it would be greatly appreciated!
Thanks!
This thread was automatically locked due to age.
