
Firewall Rule "DROP" not working

Good Morning,

I created the firewall rules to DROP packets from an interface to the LAN interface, but the DROP is not working.


The LAN_VOIP network must not see the Internal Network and the DMZ network, and the same for the DMZ and Internal Network.


Why?

  • Hi Sir Davide,

    Good Day

    Option 1:

    Put these 2 Firewall rules at the TOP

    Option 2:

    Was the Web Protection Policy enabled?

    Option 3:

    See logs under Firewall Rule


    Thank you

    PS
    I'm also a Newbie


  • Hi,

    thanks for the reply.


    Option 1:

    I tried it, but it's not working

    Option 2:

    Yes the Web Protection policy is enabled

  • Hi Sir Davide,

    Good Day

    Upon checking with your Firewall Rule

    What does LAN-VOIP Network > ANY > ANY do?
    * Destination "ANY" allows all matching traffic
    * Much better to config like this if traffic only goes to the internet
    * Try this setup: LAN-VOIP Network > ANY > IPV4
    * Same for the other configurations

    Then try to test if LANVOIP, INTERNAL and DMZ see each other


    Thank you

  • Because the LAN_VOIP must have all services opened to the External WAN (the internal network NO), how can I edit the rule?

    I tried to ping an IP of the LAN_VOIP from the internal network and it works. I discover now that only pings work, the other services don't (fortunately). Why does ping work?

  • Hi Sir,

    Yes if all VOIP, DMZ and LAN network traffic ONLY goes to WAN

    It is okay to config like this

    VOIP > ANY > IPV4

    DMZ > ANY > IPV4

    LAN > ANY > IPV4


    Then try to delete those drop policies and make tests again.
    Hope to solve this problem with these solutions.

    Thank you

  • Let me suggest...

    Do you have some NAT or VPN rules with Automatic Firewall rules enabled?
    Please have a look into "ALL" Firewall rules (by using the DropDown) and compare all these automatic rules.

    The automatic rules are ALWAYS used before the custom rules!

    So you can't decline access if it was granted above. ;)

  • You didn't provide the log where these packets are allowed.

    Is the UTM the only gateway for these networks? I mean, is there a switch behind the UTM?

  • Ciao Davide, and welcome to the UTM Community!

    Several things for you to learn...

    Pinging is regulated on the 'ICMP' tab of 'Firewall'.  Disable 'Firewall forwards pings' and add Ping in the firewall ruleset.

    The "Any" Service only includes TCP and UDP.  Ping and other IP Protocols are not included.

    By default, all traffic is blocked, so your four firewall rules could be replaced by a single one:

    LAN VOIP (Network), Internal (Network) -> Any, Ping -> Internet : Allow

    You might be interested in a document I maintain that I make available to members of the UTM Community, "Configure HTTP Proxy for a Network of Guests."  If you would like me to send you this document, PM me your email address.  To see why, look at #2 in Rulz and also see Doug Foster's take on some of this: READ ME FIRST: UTM Architecture

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
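    The points raised in this thread (automatic rules before custom rules, "Any" covering only TCP and UDP, the ICMP tab's "Firewall forwards pings" bypassing the ruleset, and default deny) can be seen in a small model. This is an added example written for this page, not Sophos UTM code; the matching semantics and the rule names in it are assumptions taken from the replies above.

```python
# Added example, not UTM code: a simplified model of rule evaluation as the thread describes it.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    sources: frozenset       # network names, e.g. "LAN_VOIP"
    services: frozenset      # "Any", "Ping" or a named service such as "HTTP"
    destinations: frozenset  # network names, "Internet", or "Any"
    action: str              # "allow" or "drop"

@dataclass(frozen=True)
class Packet:
    src_net: str
    dst_net: str
    proto: str               # "tcp", "udp" or "icmp"
    service: str = ""        # named service for tcp/udp, e.g. "HTTP"

def service_matches(svc: str, pkt: Packet) -> bool:
    if svc == "Any":                     # assumed per Bob's reply: Any = TCP + UDP only
        return pkt.proto in ("tcp", "udp")
    if svc == "Ping":
        return pkt.proto == "icmp"
    return svc == pkt.service

def evaluate(pkt: Packet, automatic: list, custom: list, forwards_pings: bool):
    """Return (action, reason) for a packet forwarded through the UTM."""
    if forwards_pings and pkt.proto == "icmp":   # ICMP tab setting bypasses the ruleset
        return "allow", "ICMP tab: Firewall forwards pings"
    for rule in (*automatic, *custom):           # automatic rules are always checked first
        if (pkt.src_net in rule.sources
                and ("Any" in rule.destinations or pkt.dst_net in rule.destinations)
                and any(service_matches(s, pkt) for s in rule.services)):
            return rule.action, rule.name
    return "drop", "default deny"                # nothing matched: blocked

# Constructed rulesets. The poster's style: a broad allow with DROP rules below it.
POSTER_RULES = [
    Rule("LAN_VOIP -> Any -> Any", frozenset({"LAN_VOIP"}), frozenset({"Any"}),
         frozenset({"Any"}), "allow"),
    Rule("DROP LAN_VOIP -> Internal", frozenset({"LAN_VOIP"}), frozenset({"Any"}),
         frozenset({"Internal"}), "drop"),
]
# Bob's single rule: anything it does not list falls through to default deny.
BOB_RULES = [
    Rule("VOIP,Internal -> Any,Ping -> Internet", frozenset({"LAN_VOIP", "Internal"}),
         frozenset({"Any", "Ping"}), frozenset({"Internet"}), "allow"),
]
```

Running `evaluate` with `forwards_pings=True` shows why ping crossed the DROP rule, and reversing `POSTER_RULES` shows the effect of Option 1 (DROP rules on top) on TCP traffic.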
  • Mmmh, I must check it and I will write you! :)