Kostas Harvatis

Sophos drop policy not working as expected

I am trying to apply first policies on our new XGS Sophos firewall.


Setting a drop policy on the final LAN to WAN rule doesn't have any effect.

On the Web > Policies it shows as "In use".


What am I missing? It's a fairly different interface and logic than the Cisco ASA I was used to.

Dirk Kotte

Hi Kostas,

Sure, you can set a deny rule at any position.

Possibly the definition isn't correct (usually the reason).

If you post the rule, we can check the content.


Greetings, 

Dirk

Kostas Harvatis (asker)

Thank you Dirk.


So, you mean that a deny policy within an accept rule won't work anyway?

I wasn't expecting that.

Sorry, didn't understand "... that a deny policy within an accept rule won't work anyway?"

you wrote "drop policy" first.

Sure, you can block access to websites within an Allow rule... using a web policy... but I guess that's not what you're trying to do


Indeed my bad. I meant a deny policy. I am trying just one policy to begin with:

[image]

setting it in my last (LAN to WAN) rule on my list:


[image]

I would expect that it would work seamlessly.


You need an allow-policy to process web requests.

Within this allow-policy, the web filter can deny access to selected websites. (You will see the Access Denied screen.)

However, you should check the "Block QUIC protocol" checkbox, as various browsers use this to bypass FW filters.


You should be able to see the result within log-viewer (firewall & webfilter)


Blocked QUIC; no change.


So how would you suggest I go about enforcing this deny policy?

Can you show us the full policy?

Does another policy allow the traffic?

What does the log viewer say?


As shown in the above screenshot, it is the built-in "No explicit content" policy.

ASKER CERTIFIED SOLUTION
Dirk Kotte

So the policy was not in effect because another rule without a filter was placed before the filter rule.


Thank you Dirk!
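The root cause in this thread is first-match rule evaluation: a broader LAN-to-WAN accept rule that carries no web policy sits above the rule that does, so matching traffic is accepted before the filter is ever consulted. The following is an added example, not code from the thread or from Sophos: a small, simplified model of a first-match rule table (the `Rule` and `Request` classes, the `WEB_POLICIES` mapping and all rule names are constructed assumptions, not the XGS data model) that reproduces the shadowing and includes a check for rules that can never be reached.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed, simplified model of a firewall rule (assumption: not Sophos' own data model).
@dataclass
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    src_net: str = "0.0.0.0/0"          # source networks the rule matches
    action: str = "accept"              # "accept" or "drop"
    web_policy: Optional[str] = None    # attached web policy; None means no web filtering

# Constructed web policies: URL category -> action.
WEB_POLICIES = {
    "No explicit content": {"adult": "deny"},
}

@dataclass
class Request:
    src_zone: str
    dst_zone: str
    src_ip: str
    url_category: str

def evaluate(rules, req):
    """First-match evaluation. Returns (matching rule name, verdict).

    Verdicts: "accept", "drop", or "web-deny" (accepted by the rule, then
    blocked by the web policy attached to that rule).
    """
    for rule in rules:
        if rule.src_zone != req.src_zone or rule.dst_zone != req.dst_zone:
            continue
        if ip_address(req.src_ip) not in ip_network(rule.src_net):
            continue
        if rule.action == "drop":
            return rule.name, "drop"
        # Web filtering only runs inside the accept rule that matched the traffic;
        # a web policy on a later rule is never consulted.
        policy = WEB_POLICIES.get(rule.web_policy, {})
        if policy.get(req.url_category) == "deny":
            return rule.name, "web-deny"
        return rule.name, "accept"
    return None, "drop"  # implicit default drop at the end of the list

def shadowed_rules(rules):
    """Names of rules that can never match because an earlier rule already
    covers the same zones and a superset of their source networks."""
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            same_zones = (earlier.src_zone == later.src_zone
                          and earlier.dst_zone == later.dst_zone)
            if same_zones and ip_network(later.src_net).subnet_of(ip_network(earlier.src_net)):
                out.append(later.name)
                break
    return out

def misordered():
    """The situation in the thread: an unfiltered accept rule above the filtered one."""
    return [
        Rule("LAN to WAN any", "LAN", "WAN"),                                  # no web policy
        Rule("LAN to WAN filtered", "LAN", "WAN", web_policy="No explicit content"),
    ]

def corrected():
    """Fix: the web policy is attached to the rule that actually matches the traffic."""
    return [
        Rule("LAN to WAN filtered", "LAN", "WAN", web_policy="No explicit content"),
    ]

if __name__ == "__main__":
    adult = Request("LAN", "WAN", "192.168.1.10", "adult")   # constructed sample request
    for label, rules in (("misordered", misordered()), ("corrected", corrected())):
        print(label, evaluate(rules, adult), "shadowed:", shadowed_rules(rules))
```

Running the block shows the misordered table accepting the request via "LAN to WAN any" and reporting "LAN to WAN filtered" as shadowed; in the corrected table the same request ends in "web-deny". The shadowing check is the kind of review worth running over any first-match rule set before blaming the policy definition itself.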