Getting out, I don't know why.

Recently something changed. Not sure what it was. I was pretty tight with letting devices have access to the internet. When something new was attached to my LAN, it was caught by the last statement of

Internal(Network)  drop Internet IPV4

I brought home a laptop from work and I could get out without making a specific rule for it.  I tried sorting through my settings but I cannot find out how it's getting out.  I then put

Any drop Any

first in the list and everything still can get out.

Any tips on how I can troubleshoot this?



This thread was automatically locked due to age.
  • Since you haven't given much information to go on (ports/protocols of the traffic, sections of the UTM used, etc.), this is only a guess. I'd say that you are using the Web Filtering proxy. When using the proxy, hidden "system" firewall rules are created to allow web traffic for the hosts/networks in the allowed networks box in the profile. These have precedence over any manually created firewall rules.
  • I second Scott_K's statement, you most likely have the Web Protection module enabled, and set to allow your internal network ranges.
  • Thank you. That appears to be the correct answer. I turned it off and all traffic halted. I've had this on for 2 years now and never noticed this issue. I must have hit something accidentally in there. I don't have this set up crazy or anything, just blocking ads in general and blocking XXX for the kids.

  • Also, if I go to firewall and choose to see automatic rules, I can't see anything obvious in there that is letting the traffic out.

  • That's why I labelled them as "hidden" system rules. They won't show up in WebAdmin for viewing. In order to see them, you'd need to query iptables from the shell.

    When the show automatic rules feature was added, a few of us fought that it would show all system rules, but it didn't happen. That only shows optional automatic rules, set by checkbox, such as for the client access SSL VPN, as an example.
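
As an added example (not part of the thread, and not Sophos code), one way to query iptables from the shell for rules that permit or divert traffic ahead of the user-defined ones. It assumes `iptables-save` is available on the box; the chain names and addresses in the sample are constructed for illustration and are not a real UTM ruleset.

```shell
# Constructed sample in iptables-save format. Chain names and addresses are
# made up for illustration; they are not taken from a real UTM.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:PROXY_EXAMPLE - [0:0]
-A PREROUTING -j PROXY_EXAMPLE
-A PROXY_EXAMPLE -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:SYSTEM_EXAMPLE - [0:0]
:USER_EXAMPLE - [0:0]
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 8080 -j ACCEPT
-A FORWARD -j SYSTEM_EXAMPLE
-A FORWARD -j USER_EXAMPLE
-A SYSTEM_EXAMPLE -s 192.168.1.0/24 -p tcp -m tcp --dport 443 -j ACCEPT
-A USER_EXAMPLE -j DROP
COMMIT
EOF
}

# Read iptables-save text on stdin and print "table chain #position target | rule"
# for every rule that lets traffic through or diverts it (ACCEPT, REDIRECT, DNAT).
permit_rules() {
  awk '
    /^\*/ { table = substr($0, 2); split("", n); next }   # new table: reset counters
    $1 == "-A" {
      chain = $2; n[chain]++                              # position within the chain
      for (i = 3; i < NF; i++)
        if ($i == "-j" && $(i+1) ~ /^(ACCEPT|REDIRECT|DNAT)$/)
          printf "%s %s #%d %s | %s\n", table, chain, n[chain], $(i+1), $0
    }'
}

# Print the chains that FORWARD jumps to, in evaluation order. A permit rule in
# an earlier chain is matched before a drop rule in a later chain is reached.
forward_order() {
  awk '/^\*/ { t = substr($0, 2) }
       t == "filter" && $1 == "-A" && $2 == "FORWARD" {
         for (i = 3; i < NF; i++) if ($i == "-j") print $(i+1) }'
}

# On a live system, as root:  iptables-save | permit_rules
```

In the constructed sample, the `REDIRECT` in the nat table and the `ACCEPT` on `INPUT` never pass through the forwarding chain at all, which is why a drop rule placed first among forwarding rules would not stop that traffic.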