This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Private Subnet traffic coming in from WAN interface

I'm sure this is a very stupid question, but I have to ask.

While monitoring firewall traffic today, I noticed some traffic coming in from my WAN interface, from an IP in a private range (10.x). I have a port forwarding dnat rule and the rule apparently allowed this spoofed IP to come in to that port forward.

Shouldn't the utm automatically block invalid packets? Do I have something misconfigured?

This thread was automatically locked due to age.

Parents

0 KentCalero over 9 years ago

Hi Sachin, yes the source is ANY. What would be the correct source to use so that the UTM only includes valid Internet Routable addresses?
Cancel
Vote Up 0 Vote Down

Cancel
0 sachingurung over 9 years ago in reply to KentCalero

Hi Kent,

Change the Source address with the Static IP address you wish the traffic should come from and mapped into the servers.

Thanks

Sachin Gurung
Team Lead | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 KentCalero over 9 years ago in reply to sachingurung

Sachin, thank you for your efforts in assisting me. In this case, I want traffic to be allowed from all valid public routable subnets. Meaning, I don't want traffic from private/local subnets to be allowed through.

In other words, I want my NAT rule to ignore traffic from this address list: from https://en.wikipedia.org/wiki/Private_network
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 9 years ago in reply to KentCalero

You don't need to worry about that traffic, Kent. It's probably the ISPs IP for something on their subnet.

Instead of "Any" in NAT and firewall rules, I prefer to use the "Internet" object.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 9 years ago in reply to KentCalero

You don't need to worry about that traffic, Kent. It's probably the ISPs IP for something on their subnet.

Instead of "Any" in NAT and firewall rules, I prefer to use the "Internet" object.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data