Information on 'Automatic Firewall rules' created by the Sophos UTM

  • Article ID: 119089
  • Updated: 26 Apr 2013

This article provides information on the 'Automatic Firewall rules' checkbox which appears in several areas of the WebAdmin interface (e.g., when creating a Site-to-Site SSL connection) and looks like the following screenshot.

Applies to the following Sophos product(s) and version(s)

Sophos UTM

Operating systems
Version 9.1 or higher

What happens when this option is selected?

When selected, the UTM creates and applies the firewall rules needed to allow the network traffic of the new configuration you have set up (for example, the tunnel traffic of a Site-to-Site SSL connection). This means you do not have to create your own additional firewall rules to allow the new network traffic.

These rules are stored in iptables like normal user-created firewall rules, but they are always evaluated before the user-created firewall rules.

Which firewall rules are checked first?

Automatic firewall rules are always at the top of the list and are therefore checked first for a match.

Important: Once a firewall rule match is found, all other (lower) rules are ignored. Because automatic rules sit above user-created rules, a user-created rule that would block traffic already allowed by an automatic rule is never reached.

How do I view automatic rules?

  1. Open the Sophos UTM WebAdmin interface and login.
  2. Go to 'Network Protection' | 'Firewall' | 'Rules' tab.
  3. From the drop-down menu select either 'Automatic firewall rules' or 'All' (the default option is 'User-created firewall rules'):


  4. The automatic firewall rules are now displayed.  Note that these rules:
    • Are displayed with a distinct background color.
    • Do not have a position number.
    • Are tagged with [auto]

Note: Only enabled automatic firewall rules are shown in the list of rules.

The screenshot below shows an example of two automatic rules from a Site-to-Site SSL connection.  These rules are displayed above any user-created rule.

You can also view the rules from the command line (e.g., root access via SSH).

To display the 'AUTO_FORWARD' chain, type: iptables -L AUTO_FORWARD (add -n to print addresses numerically and avoid reverse DNS lookups).

From the command line the same automatic firewall rules as shown in the screenshot above would look like:

Chain AUTO_FORWARD (1 references)
target prot opt source destination
CONFIRMED all -- 10.0.0.0/8 192.168.0.0/24
CONFIRMED all -- 192.168.0.0/24 10.0.0.0/8
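The following is an added example, not code from the Sophos article: it parses the AUTO_FORWARD listing above and simulates the evaluation order the article describes (automatic rules first, user-created rules second, first match wins). The user-created rules in it are hypothetical, constructed to show an administrator's DROP rule that can never fire, and CONFIRMED is treated simply as the allow target of an automatic rule, as the article describes automatic rules as allowing the traffic. The `shadowed_user_rules` check is an added audit helper, not a UTM feature.

```python
"""Added example (not from the Sophos article): parse an `iptables -L AUTO_FORWARD`
listing and simulate the UTM's evaluation order, automatic rules before
user-created rules, first match wins."""
import ipaddress
from typing import List, Optional, Tuple

# Rule = (target, protocol, source network, destination network)
Rule = Tuple[str, str, ipaddress.IPv4Network, ipaddress.IPv4Network]

# Constructed sample: the two [auto] rules of the article's Site-to-Site SSL
# example, in the format `iptables -L AUTO_FORWARD` prints them.
AUTO_FORWARD_LISTING = """\
Chain AUTO_FORWARD (1 references)
target     prot opt source               destination
CONFIRMED  all  --  10.0.0.0/8           192.168.0.0/24
CONFIRMED  all  --  192.168.0.0/24       10.0.0.0/8
"""


def _net(text: str) -> ipaddress.IPv4Network:
    """iptables prints 'anywhere' for 0.0.0.0/0 unless -n is given."""
    return ipaddress.ip_network("0.0.0.0/0" if text == "anywhere" else text, strict=False)


def parse_chain_listing(text: str) -> List[Rule]:
    """Turn the rule lines of an `iptables -L <chain>` listing into Rule tuples.
    The 'Chain ...' and column-header lines are skipped; only the first five
    columns (target prot opt source destination) are used."""
    rules: List[Rule] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] in ("Chain", "target"):
            continue
        target, proto, _opt, src, dst = parts[:5]
        rules.append((target, proto, _net(src), _net(dst)))
    return rules


def make_rule(target: str, proto: str, src: str, dst: str) -> Rule:
    return (target, proto, _net(src), _net(dst))


AUTO_RULES = parse_chain_listing(AUTO_FORWARD_LISTING)

# Constructed, hypothetical user-created rules (not from the article): an
# administrator tries to block one host inside the remote VPN network, allows
# the rest, and separately allows a third network that no [auto] rule covers.
USER_RULES = [
    make_rule("DROP",   "all", "10.0.0.0/8",    "192.168.0.10/32"),
    make_rule("ACCEPT", "all", "10.0.0.0/8",    "192.168.0.0/24"),
    make_rule("ACCEPT", "tcp", "172.16.0.0/12", "192.168.0.0/24"),
]


def first_match(src_ip: str, dst_ip: str, proto: str, rules: List[Rule]) -> Optional[Rule]:
    """First rule in list order whose protocol and networks cover the packet."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        if rule[1] in ("all", proto) and s in rule[2] and d in rule[3]:
            return rule
    return None


def evaluate(src_ip: str, dst_ip: str, proto: str = "tcp") -> Tuple[str, Optional[str]]:
    """UTM ordering: automatic rules first, then user-created rules; once a
    rule matches, nothing below it is consulted. Returns (origin, target),
    or ("none", None) when no rule in either list matched."""
    rule = first_match(src_ip, dst_ip, proto, AUTO_RULES)
    if rule:
        return ("auto", rule[0])
    rule = first_match(src_ip, dst_ip, proto, USER_RULES)
    if rule:
        return ("user", rule[0])
    return ("none", None)


def shadowed_user_rules(auto_rules: List[Rule], user_rules: List[Rule]) -> List[Rule]:
    """Audit check (added here, not a UTM feature): user rules whose protocol,
    source and destination are fully covered by some automatic rule. Such a
    rule can never match, so a DROP placed there gives no protection."""
    shadowed = []
    for ur in user_rules:
        for ar in auto_rules:
            if ar[1] in ("all", ur[1]) and ur[2].subnet_of(ar[2]) and ur[3].subnet_of(ar[3]):
                shadowed.append(ur)
                break
    return shadowed


if __name__ == "__main__":
    print(evaluate("10.1.2.3", "192.168.0.10"))    # ('auto', 'CONFIRMED'): the user DROP is never reached
    print(evaluate("172.16.5.5", "192.168.0.10"))  # ('user', 'ACCEPT'): no [auto] rule covers this source
    for r in shadowed_user_rules(AUTO_RULES, USER_RULES):
        print("shadowed:", r[0], r[1], r[2], r[3])
```

The practical point of the check: if you need to restrict traffic inside a network pair that an automatic rule already allows, disabling the 'Automatic Firewall rules' option and writing the rules yourself is the only way to get a user-created DROP in front of it, since automatic rules cannot be reordered or edited beyond the comment and logging flag.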

Can I edit automatic rules?

The 'Edit' button for automatic rules can be clicked but as shown in the screenshot below there are only two items you can control:

  • Add a comment to the 'Comment' field.
  • Check or uncheck the 'Log traffic' option.

All other options are read-only.

If you need more information or guidance, then please contact technical support.
