
Unable to block traffic between subnets

Hi!

I'm having trouble with blocking traffic between subnets. I have 3 subnets and when I add a block any any rule nothing happens, I can still reach machines from one subnet to another. Are there some rules that I don't see in the WebGUI that can cause this? Also, I noticed that when I added the 3rd subnet I could reach machines on that subnet right away without any rules. That does not seem correct. A firewall should block everything that I do not allow.

I hope someone can help me with this.

  • What is the default gateway of the hosts? Please post a traceroute between these hosts!
  • "I can still reach machines from one subnet to another" You have to be more specific. What protocol(s) are you using to test? Ping, HTTP, other? If ping, this is controlled by the checkboxes at Network Protection > Firewall > ICMP, which create firewall rules that have precedence over manually created rules. If HTTP (or many other web protocols) and you are also using the Web Filtering proxy, proxies also create firewall rules that have precedence over manually created ones. In this case, you'd need to create your blocks in the proxy block list.

  • The default gateway is the firewall .1 in all subnets.

    I was only using ping and I noticed the setting "forward ping" was enabled, so I disabled it.
    The ping from subnet2 to subnet1 stopped working as I suspected, but the ping from subnet1 to subnet2 still works.

    Also, I did not know that it created firewall rules that take precedence over manually created rules.
    Can I see this type of rule somewhere? I cannot see anything in the WebGUI.
    It complicates things if I cannot see the rules that ICMP and other services create; I hope there is a setting for this.
  • Anywhere you find a checkbox that allows traffic or an allowed networks box, it creates hidden "system level" firewall rules. For order of precedence, see #2 at community.sophos.com/.../22065. You can see all rules by querying iptables from the shell, iptables -L -v -n. With ICMP as an example, for more granularity of control, use manually created rules instead of the checkboxes at Network Protection > Firewall > ICMP.
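The precedence problem described in this answer (a hidden checkbox-generated rule matches before the manually created block rule ever gets a chance) is easiest to see by walking the FORWARD chain in order. The script below is an added example written for this page; it is not from the thread or from Sophos. It parses a small, constructed iptables-save-style dump (the rule text, comments and 10.0.x.0/24 addresses are invented for illustration and are not Sophos UTM's actual system rules) and reports the first rule that matches a given source host, destination host, protocol and optional destination port, which is exactly the question "why does my DROP rule not fire?". On a real box you would replace the sample with the output of iptables-save or read the same ordering from iptables -L -v -n, as the answer suggests.

```shell
#!/bin/sh
# Constructed sample of iptables-save-style FORWARD rules (NOT real Sophos UTM output).
# Order mirrors what the thread describes: checkbox-generated "system" rules come
# first, the admin's manual block comes later, so ICMP from subnet1 never reaches it.
SAMPLE_RULES='-A FORWARD -s 10.0.1.0/24 -p icmp -m comment --comment "system: forward ping" -j ACCEPT
-A FORWARD -p tcp --dport 80 -m comment --comment "system: web proxy" -j ACCEPT
-A FORWARD -s 10.0.1.0/24 -d 10.0.2.0/24 -m comment --comment "manual: block subnet1->subnet2" -j DROP
-A FORWARD -j DROP'

# ip2int: dotted quad -> 32-bit integer
ip2int() {
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# in_cidr IP CIDR: succeeds when IP lies inside CIDR ("any" matches everything)
in_cidr() {
  ip=$1; cidr=$2
  [ "$cidr" = "any" ] && return 0
  net=${cidr%/*}; bits=${cidr#*/}
  [ "$bits" = "$cidr" ] && bits=32          # bare host address, no prefix length
  mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( $(ip2int "$ip") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# first_match SRC DST PROTO [DPORT]: prints "<rule number> <target>" of the first
# FORWARD rule that matches, in chain order, i.e. the rule iptables would apply.
first_match() {
  src=$1; dst=$2; proto=$3; dport=$4
  n=0
  while IFS= read -r line; do
    n=$((n + 1))
    rs=any; rd=any; rp=all; rdport=any; target=?
    set -- $line                              # tokenize the rule line
    while [ $# -gt 0 ]; do
      case $1 in
        -s)      rs=$2; shift ;;
        -d)      rd=$2; shift ;;
        -p)      rp=$2; shift ;;
        --dport) rdport=$2; shift ;;
        -j)      target=$2; shift ;;
      esac
      shift
    done
    if in_cidr "$src" "$rs" && in_cidr "$dst" "$rd" \
       && { [ "$rp" = all ] || [ "$rp" = "$proto" ]; } \
       && { [ "$rdport" = any ] || [ "$rdport" = "$dport" ]; }; then
      printf '%d %s\n' "$n" "$target"
      return 0
    fi
  done <<EOF
$SAMPLE_RULES
EOF
  printf 'none\n'
  return 1
}

# Usage: the thread's symptom reproduced against the constructed chain.
first_match 10.0.1.5 10.0.2.5 icmp        # hidden ping rule wins: 1 ACCEPT
first_match 10.0.2.5 10.0.1.5 icmp        # no system rule applies: 4 DROP
first_match 10.0.1.5 10.0.2.5 tcp 80      # hidden proxy rule wins: 2 ACCEPT
first_match 10.0.1.5 10.0.2.5 tcp 443     # manual block finally fires: 3 DROP
```

The matcher only looks at source, destination, protocol and destination port, which is enough to show why the manual DROP is reached for TCP/443 but never for ICMP or TCP/80 from subnet1. The practical check on the firewall itself is the same: list the chain with iptables -L -v -n, note the packet counters on the rules above your manual block, and if they are climbing, that earlier rule is what is letting the traffic through.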