DMZ Segment can access Internal web services

Hi

We have several zones.

Internal 192.168.10.0/24
Wifi 172.10.10.0/24
Guest Wifi 172.20.10.0/24
DMZ 10.0.0.0/24

Our problem is this.

When connected to the Wifi, Guest Wifi and DMZ we can access any web service running on any server within the internal LAN.

There are no auto or user-created firewall rules which allow this.

I have tried creating a block rule in place.

Source: DMZ, Wifi, Guest Wifi
Service: Any
Destination: Internal
Action: tried both block and reject.

Any ideas?


  • Your proxy will probably allow this traffic.
    You can create a filter action for your hotspot interface where you block access to your other subnet(s).

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
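
An added example, not part of the original thread: a small check, run from a host in the DMZ, Wifi or Guest Wifi zone, that tells a web-only leak (consistent with the proxy explanation in the reply) apart from a block rule that is not matching at all. The port sets and the function names are assumptions made for this sketch; pick control ports on which the internal server really has a service listening.

```python
import ipaddress
import socket
import sys

INTERNAL = ipaddress.ip_network("192.168.10.0/24")  # internal zone from the question
WEB_PORTS = {80, 443}        # assumption: ports the web proxy handles
CONTROL_PORTS = {22, 3389}   # assumption: non-web ports with a listening service on the target


def probe(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(results):
    """Classify {port: reachable} results from a host in a restricted zone."""
    web = any(ok for port, ok in results.items() if port in WEB_PORTS)
    other = any(ok for port, ok in results.items() if port not in WEB_PORTS)
    if other:
        return "firewall"   # the packet filter itself lets traffic through
    if web:
        return "proxy"      # only web ports leak: consistent with the proxy forwarding
    return "segmented"


def check(target, prober=probe):
    """Probe an internal server and return (results, verdict)."""
    if ipaddress.ip_address(target) not in INTERNAL:
        raise ValueError(f"{target} is not in {INTERNAL}")
    results = {p: prober(target, p) for p in sorted(WEB_PORTS | CONTROL_PORTS)}
    return results, diagnose(results)


if __name__ == "__main__":
    # Usage: python3 segcheck.py <address of an internal server you administer>
    results, verdict = check(sys.argv[1])
    for port, ok in results.items():
        print(f"{port:>5} {'open' if ok else 'blocked'}")
    print("verdict:", verdict)
```

A "proxy" verdict means the block rule is holding for non-web traffic and the fix belongs in the web filtering configuration; rerun the check after adding the filter action and expect "segmented".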
