Default fwrules

Hi,

I found this post:

https://community.sophos.com/kb/en-us/115029

in which are documented these default rules.

I need to find documentation about all the others, like 62022 or 62017.

I can't find anything about this stuff, even in the device manual or official documentation; help needed.

Thanks



  • Hi Nicola,

    Give me some time; I will search for the required information.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Hi, Nicola, and welcome to the UTM Community!

    Can you show examples of these fwrule codes from the Firewall log files?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Sure:

    2016:09:23-09:01:19 firewall-1 ulogd[14187]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="62012" initf="eth1" srcmac="00:18:74:16:aa:." dstmac="00:.:8c:f0:.:." srcip="y.y.y.y" dstip="x.x.x.x" proto="6" length="52" tos="0x00" prec="0x00" ttl="126" srcport="51606" dstport="443" tcpflags="SYN"
    2016:09:23-09:01:19 firewall-1 ulogd[14187]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="62012" initf="eth1" srcmac="00:.:74:16:aa:." dstmac="00:.:8c:f0:.:." srcip="y.y.y.y" dstip="x.x.x.x" proto="6" length="64" tos="0x00" prec="0x00" ttl="62" srcport="56145" dstport="443" tcpflags="SYN"
    2016:09:23-09:01:19 firewall-1 ulogd[14187]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="62012" initf="eth1" srcmac="00:..:74:16:aa:." dstmac="00:.:8c:f0:.:." srcip="y.y.y.y" dstip="x.x.x.x" proto="6" length="64" tos="0x00" prec="0x00" ttl="62" srcport="56146" dstport="443" tcpflags="SYN"
    2016:09:23-09:01:19 firewall-1 ulogd[14187]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="62012" initf="eth1" srcmac="00:..:74:16:aa:." dstmac="00:.:8c:f0:.:." srcip="y.y.y.y" dstip="x.x.x.x" proto="6" length="52" tos="0x00" prec="0x00" ttl="126" srcport="51607" dstport="443" tcpflags="SYN"
    2016:09:23-09:01:20 firewall-1 ulogd[14187]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="62021" initf="eth1" srcmac="00:..:74:16:aa:." dstmac="00:.:8c:f0:.:." srcip="z.z.z.z" dstip="u.u.u.u" proto="6" length="44" tos="0x00" prec="0x00" ttl="55" srcport="1418" dstport="55331" tcpflags="SYN"
    2016:09:23-09:01:22 firewall-1 ulogd[14187]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="62012" initf="eth1" srcmac="00:..:74:16:aa:." dstmac="00:.:8c:f0:.:." srcip="y.y.y.y" dstip="x.x.x.x" proto="6" length="52" tos="0x00" prec="0x00" ttl="125" srcport="51912" dstport="443" tcpflags="SYN"

    x.x.x.x is a webserver

  • I would guess that NAT rule #12 forwards web requests to the server at x.x.x.x.  Similarly, #21 forwards to u.u.u.u and both rules have logging selected.  Is that right?

    Cheers - Bob

     
  • OK, I got it. I was looking for a rule number 62012 instead of just 12... Of course I could not find it in my tables.

    So the first 2 digits are negligible.

     

    Thanks for the answer.
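
Added example (not part of the thread and not Sophos code): a small parser for the `key="value"` packetfilter lines shown above that groups logged packets by `fwrule` and applies the mapping the thread arrived at (62012 -> NAT rule #12). The 62000 base, the 1-999 range limit, and all sample log lines and addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the thread's log format (documentation addresses).
SAMPLE_LOG = """\
2016:09:23-09:01:19 firewall-1 ulogd[14187]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="62012" initf="eth1" srcip="192.0.2.10" dstip="198.51.100.5" proto="6" srcport="51606" dstport="443" tcpflags="SYN"
2016:09:23-09:01:19 firewall-1 ulogd[14187]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="62012" initf="eth1" srcip="192.0.2.10" dstip="198.51.100.5" proto="6" srcport="56145" dstport="443" tcpflags="SYN"
2016:09:23-09:01:20 firewall-1 ulogd[14187]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="62021" initf="eth1" srcip="192.0.2.99" dstip="203.0.113.7" proto="6" srcport="1418" dstport="55331" tcpflags="SYN"
2016:09:23-09:01:21 firewall-1 ulogd[14187]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" srcip="192.0.2.50" dstip="198.51.100.9" proto="6" srcport="40000" dstport="23" tcpflags="SYN"
2016:09:23-09:01:22 firewall-1 sshd[2211]: constructed non-packetfilter line, skipped by the parser
"""

KV = re.compile(r'(\w+)="([^"]*)"')
NAT_BASE = 62000  # assumption from the thread: fwrule 62012 is NAT rule #12

def parse_line(line):
    """Return the key="value" fields of a packetfilter line, or None otherwise."""
    fields = dict(KV.findall(line))
    if fields.get("sub") != "packetfilter" or "fwrule" not in fields:
        return None
    return fields

def nat_rule_position(fwrule):
    """Map a 62xxx fwrule code to a NAT rule position; None outside that range."""
    try:
        offset = int(fwrule) - NAT_BASE
    except ValueError:
        return None
    return offset if 0 < offset < 1000 else None  # range limit is an assumption

def summarize(log_text):
    """Count packets per (fwrule, NAT rule position, dstip, dstport)."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue
        rule = fields["fwrule"]
        key = (rule, nat_rule_position(rule), fields.get("dstip"), fields.get("dstport"))
        hits[key] += 1
    return hits

if __name__ == "__main__":
    for (rule, pos, dstip, dport), n in summarize(SAMPLE_LOG).most_common():
        label = f"NAT rule #{pos}" if pos else "not a 62xxx code, check the KB article"
        print(f"fwrule={rule} ({label}) -> {dstip}:{dport} packets={n}")
```

Codes that fall outside the 62xxx range are reported unmapped rather than guessed at, since the thread only establishes the NAT rule case.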
