This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DMZ getting to LAN

OK so this is new setup/play

I have a few rules, basic ANY at the moment but will lockdown later.
i'm sure this is not the issue here.

So my Rules are:
1: LAN -> ANY -> InternetIP4 (ALLOW)
2: LAN -> SSH,RDP,HTTP -> DMZ (ALLOW)
3: DMZ -> HTTP -> InternetIP4 (DENY) - So DMZ can't get to router GUI
4: DMZ -> ANY -> InternetIP4 (ALLOW)

items from DMZ to LAN IPs like SSH,RDP,TELNET, PING, do not get to LAN

HTTP (not tested HTTPS) can get to LAN. i'm guessing the sophos is dealing with the traffic in another way. Even adding the following doesn't stop HTTP

between 2: & 3:
DMZ -> HTTP -> LAN (DENY) - HTTP still works.

Please advise ! [:(]

This thread was automatically locked due to age.

Parents

0 Scott_Klassen over 10 years ago

HTTP (not tested HTTPS) can get to LAN. i'm guessing the sophos is dealing with the traffic in another way. Even adding the following doesn't stop HTTP
You are using the Web Filtering proxy, which has a higher precedence than any manual firewall rules. If you need to block HTTP access from DMZ to LAN, you would need to block this traffic in the Filter Action you are applying to the DMZ network.
Cancel
Vote Up 0 Vote Down

Cancel
0 kv102t over 10 years ago in reply to Scott_Klassen

i don't want to miss a protocol.

guess it's
HTTP
HTTPS
FTP

?? anymore?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 kv102t over 10 years ago in reply to Scott_Klassen

i don't want to miss a protocol.

guess it's
HTTP
HTTPS
FTP

?? anymore?
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 apijnappels over 10 years ago in reply to kv102t

i don't want to miss a protocol.

guess it's
HTTP
HTTPS
FTP

?? anymore?

There's also a group Web Surfing which includes HTTP, HTTPS, HTTP Proxy and HTTP Webcache.
Cancel
Vote Up 0 Vote Down

Cancel