This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Restart rule necessary to apply changes to network definition group

Here are the basics.

I created a group, generated rules for the group and apply and test them.

If I later add or remove a member to that group, I need to turn the rule off and back on for the changes to the group to propagate to the rule.

For example... Group1 is in a rule blocking ping to/from eth1. If I add a PC to Group1, the PC can still ping anything behind eth1 until I restart the rule.

Is this normal?
I'm running under UTM version 9.313-3

Thanks

This thread was automatically locked due to age.

0 papa__01 over 10 years ago

known bug, solved in 9.314
Cancel
Vote Up 0 Vote Down

Cancel
0 MickeyMarc over 10 years ago

Hi Papa_. When I spoke with Sophos support yesterday they told me this was not a known bug and there was no fix in 9.314. Can you point me to a document that confirms the bug / fix? I do not want to bring down the company for a firewall update unless it is going to resolve the issue.

Thanks for your help.
Cancel
Vote Up 0 Vote Down

Cancel
0 SWeissflog over 10 years ago

@MickeyMarc

https://community.sophos.com/products/unified-threat-management/astaroorg/f/52/t/30225

Fix [35176]: IPTables will not update if you add a host to a network group which is used in a packetfilter rule
Cancel
Vote Up 0 Vote Down

Cancel
0 MickeyMarc over 10 years ago

Thanks for your help Papa_. Much more than I received from Sophos after an hour long call.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 10 years ago

Hi, MickeyMarc, and welcome to the User BB!

If you have Premium Support (you have a paid license and you purchased the support upgrade), you can call, but I wouldn't recommend it. If you have an account that allows you to enter a case on their website, that's the preferred choice. Second is an email to support(at)Sophos(dot)com. If you're dealing with a first contact with level-1 support, don't call. In fact, don't even take their call - wait for a back-and-forth via email and a clear reason to converse.

The most efficient is to have Standard Support and a competent Sophos Solution Partner. If your current one isn't able to help you, contact Sophos Sales for the names of other Solution Partners near you.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel