Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 18 replies
  • Subscribers 3 subscribers
  • Views 30773 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Allow certain traffic

A.M. Heijboer

Hello everybody,

I would like to ask you for help. The thing is that I wan't to allow certain services. These include Dropbox and Spotify.

I've allowed Dropbox and Spotify via Application Control (Web Protection > Application Control), but I am still seeying many red lines in the Firewall live log, where you can see the service (Dropbox or Spotify) and next to that you see that the packet has been dropped.

Since I've allowed them in Application Control, how could this happen?

Well, I hope somebody can explain to me what I'm doing wrong, and can give some advice, on how I can manage to do this in the most secure and efficient way.

Thanks a lot!

P.s. yes, I have disabled the IPS rules for Skype



This thread was automatically locked due to age.
Parents
  • 0

    Hi, A.M., and welcome to the UTM Community!

    When obfuscating an IP, please leave enough clear so that we can see whether it's public or private and differentiate it from similar IPs involved in the issue.

    As others have said, in order for traffic to be seen by Application Control, it first must be accepted by a manual or automatic firewall rule.  See #2 in Rulz.

    Often, #1 in Rulz will point to the cause of a problem.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hey Bob,

     

    Thanks for telling me that! I just realize it right now. I will obfuscate better!

     

    About rule 2, okay good suggestion, I think it is a good idea to go over that again. It starts with the connection tracker (conntrack) first, then Country Blocking (DISABLED), then DNATs (ENABLED for internal network and VPN clients. Tested and is working OK), then VPNs (DISABLED, I don’t use site-to-site VPN’s, only remote access), then Proxies (except the SMTP Proxy in Transparent mode which captures traffic forwarded by a DNAT) (DISABLED, I don’t use a proxy (except for the webfiltering feature, but i don’t think they mean that by this), then manual Routes and manual Firewall rules (ENABLED, I don’t use manual Routes, but I have a manual Firewall rule, which is INTERNAL > ANY > ANY so that should do it), which are considered only if the automatic Routes and rules coming before hadn't already handled the traffic and, finally, Applications Control (so I thought it was in application control).

     

    Maybe I can find more info in the logs? For example if it would not reach the application control, then there must be a log entry somewhere in the firewall log, where you can see the packet getting dropped, right?

     

    I’m going to look at all the logs again tomorrow (I’m so sorry but I’m on a busy schedule), I really appreciate all of you help, time and effort!!

     

    Thank you,

    Adriaan Heijboer

Reply
  • 0 in reply to BAlfson

    Hey Bob,

     

    Thanks for telling me that! I just realize it right now. I will obfuscate better!

     

    About rule 2, okay good suggestion, I think it is a good idea to go over that again. It starts with the connection tracker (conntrack) first, then Country Blocking (DISABLED), then DNATs (ENABLED for internal network and VPN clients. Tested and is working OK), then VPNs (DISABLED, I don’t use site-to-site VPN’s, only remote access), then Proxies (except the SMTP Proxy in Transparent mode which captures traffic forwarded by a DNAT) (DISABLED, I don’t use a proxy (except for the webfiltering feature, but i don’t think they mean that by this), then manual Routes and manual Firewall rules (ENABLED, I don’t use manual Routes, but I have a manual Firewall rule, which is INTERNAL > ANY > ANY so that should do it), which are considered only if the automatic Routes and rules coming before hadn't already handled the traffic and, finally, Applications Control (so I thought it was in application control).

     

    Maybe I can find more info in the logs? For example if it would not reach the application control, then there must be a log entry somewhere in the firewall log, where you can see the packet getting dropped, right?

     

    I’m going to look at all the logs again tomorrow (I’m so sorry but I’m on a busy schedule), I really appreciate all of you help, time and effort!!

     

    Thank you,

    Adriaan Heijboer

Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?