Sophos drop policy not working as expected
I am trying to apply the first policies on our new XGS Sophos firewall.
Setting a drop policy on the final LAN to WAN rule doesn't have any effect.
On the Web > Policies it shows as "In use".
What am I missing? It's a fairly different interface and logic than the Cisco ASA I was used to.
ASKER
Thank you Dirk.
So, you mean that a deny policy within an accept rule won't work anyway?
I wasn't expecting that.
Sorry, didn't understand "... that a deny policy within an accept rule won't work anyway?"
you wrote "drop policy" first.
Sure, you can block access to websites within an Allow rule... using a web policy... but I guess that's not what you're trying to do
ASKER
You need an allow-policy to process web requests.
Within this allow-policy, the web filter can deny access to selected websites. (You will see the Access Denied screen.)
However, you should check the “Block Quick Protocol” checkbox as various browsers use this to bypass FW filters.
You should be able to see the result within log-viewer (firewall & webfilter)
ASKER
Blocked QUIC; no change.
So how would you suggest I go about enforcing this deny policy?
Can you show us the full policy?
Does another policy allow the traffic?
What does the log viewer say?
ASKER
As shown in the above screenshot, it is the built-in "No explicit content" policy.
ASKER
So the policy was not in effect because another rule without a filter was placed before the filter rule.
Thank you Dirk!
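The ordering effect the asker ran into, as an added example that is not part of the thread and not Sophos code: a constructed first-match rule model in which a web policy only acts on traffic that reaches the rule carrying it, and a broader accept rule placed above it silently swallows the request. The rule and packet fields, the "Block QUIC" flag and the host-to-policy lookup are assumptions.

```python
from dataclasses import dataclass
from typing import Optional
# Constructed first-match model of the thread's situation; not Sophos code.
# Rule/packet fields and the category lookup are assumptions for illustration.
@dataclass
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    action: str                       # "accept" or "drop"
    web_policy: Optional[str] = None  # web filter attached to an accept rule
    block_quic: bool = False          # stands in for the "Block QUIC" checkbox

@dataclass
class Packet:
    src_zone: str
    dst_zone: str
    proto: str  # "tcp" or "udp"
    port: int
    host: str

DENIED_BY = {"explicit.example": "No explicit content"}  # constructed host -> denying policy

def evaluate(rules, pkt):
    """Return (matched rule name, verdict); the first matching rule wins."""
    for r in rules:
        if (r.src_zone, r.dst_zone) != (pkt.src_zone, pkt.dst_zone):
            continue
        if r.action == "drop":
            return r.name, "drop"
        if r.block_quic and pkt.proto == "udp" and pkt.port == 443:
            return r.name, "drop"            # QUIC blocked; browser retries over TCP
        if r.web_policy and pkt.proto == "tcp" and pkt.port in (80, 443):
            if DENIED_BY.get(pkt.host) == r.web_policy:
                return r.name, "web-denied"  # the "Access Denied" page
        return r.name, "accept"
    return None, "drop"                      # implicit default deny

broad_allow = Rule("LAN to WAN any", "LAN", "WAN", "accept")
filtered = Rule("LAN to WAN filtered", "LAN", "WAN", "accept", "No explicit content", True)
web = Packet("LAN", "WAN", "tcp", 443, "explicit.example")
quic = Packet("LAN", "WAN", "udp", 443, "explicit.example")

def verdicts():
    """Same request under both rule orders, plus a QUIC attempt under the fixed order."""
    return {
        "broad rule first": evaluate([broad_allow, filtered], web),
        "filtered rule first": evaluate([filtered, broad_allow], web),
        "quic, filtered first": evaluate([filtered, broad_allow], quic),
    }
```

With the broad rule first the request is accepted by a rule that has no web policy, so the filter never sees it; moving the filtered rule above it produces the web-denied verdict, and the QUIC attempt is dropped so the browser falls back to TCP where the filter applies.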
Hi Kostas,
sure, you can set a deny rule at any position.
Possibly the definition isn't correct (usually the reason).
If you post the rule, we can check the content.
Greetings,
Dirk