Firewall

Firewall rules are security rule sets that control traffic for users, applications or network objects in an organization. Using Firewall rules, you can create blanket or specialized rules for transit traffic as the requirement dictates. The Firewall page provides centralized management of the firewall rules of every managed device: Sophos Firewall Manager implements a single pane of management to secure all enterprise applications, using configuration templates for the various types of Firewall rules.

The following sections describe the Firewall page.

Introduction

Firewall rules are based on the following configurable templates:

  1. Business Application Rule
  2. User/Network Rule

Managing Firewall Rules

The Firewall page lists all added Firewall rules. From the same page, you can update existing firewall rules or add new ones.

On the Firewall page, the following action buttons are available.

  • IPv4: Select to filter only IPv4 Firewall rules
  • IPv6: Select to filter only IPv6 Firewall rules
  • Enable Filter: Select to open filter view and apply the following filters for IPv4 or IPv6 Firewall rules:
    1. Rule Type - Select to filter rules based on Business, User or Network
    2. Source Zone - Select to filter rules based on LAN, WAN, DMZ, VPN or WiFi
    3. Destination Zone - Select to filter rules based on LAN, WAN, DMZ, VPN or WiFi
    4. State - Select to filter rules based on Unused, Disabled, Changed, New
    5. Rule ID - Specify Rule ID to see the specific rule.
  • Reset Filter (available if filter is enabled) - Select to reset all filters
  • Disable Filter (available if filter is enabled) - Select to close filter view
  • + Add Firewall Rule - Select to add a new Firewall Rule among Business Application Rule, or User/Network Rule.

Default Firewall Rules

The following default Firewall Rules are created at first-time deployment of SFM:
  1. Auto added firewall policy for MTA
Note: Default Firewall Rules cannot be deleted.

Understanding Icons

There are various action icons as well as symbolic icons on the Firewall page. Color codes, meanings and associated actions of icons are shown below.

Icon meanings:
  • Business Application Rule: Enabled
  • Business Application Rule: Disabled
  • User Rule: Disabled, Action - Accept
  • User Rule: Disabled, Action - Drop/Reject
  • User Rule: Enabled, Action - Drop/Reject
  • User Rule: Enabled
  • Network Rule: Enabled
  • Network Rule: Disabled, Action - Accept
  • Network Rule: Disabled, Action - Drop/Reject
  • Network Rule: Enabled, Action - Drop/Reject
  • Anti-Virus Scanning: Disabled
  • Anti-Virus Scanning: Enabled
  • Application Control: Disabled
  • Application Control: Allow All
  • Application Control: Deny All
  • Application Control: Drop
  • Security Heartbeat: Disabled / No Restriction
  • Security Heartbeat: Enabled - Green
  • Security Heartbeat: Enabled - Yellow
  • Security Heartbeat: No Restriction + No Heartbeat
  • Security Heartbeat: No Restriction + Green
  • Security Heartbeat: No Restriction + Yellow
  • Intrusion Prevention: Disabled
  • Intrusion Prevention: Enabled
  • NAT: Disabled
  • NAT: Enabled
  • Traffic Shaping Policy: Disabled
  • Traffic Shaping Policy: Enabled
  • Web Policy: Disabled
  • Web Policy: Allow
  • Web Policy: Deny
  • Web Policy: Drop
  • Routing: Enabled
  • Routing: Disabled
  • Firewall Rule enabled. Click to disable the rule.
  • Firewall Rule disabled. Click to enable the rule.
  • Edit Rule
  • Delete Rule

Color codes:
  • Red: Reject/Drop
  • Green: Accept/Allow
  • Yellow: Drop (in the case of policies)
  • Blue: On/Enabled
  • Gray: Off/Disabled

Understanding List of Firewall Rules

All added Firewall Rules are presented as a list. Each Firewall Rule in the list gives a quick snapshot of the rule.

Details of the rule:
  • Rule Name: Name of the rule.
  • Firewall Rule Features: Status of schedule, Security Heartbeat, IPS and traffic shaping.
  • Source: Source zone.
  • Destination: Destination zone.
  • What: Displays protected domains/services.
  • Action: Status of protected servers, and status of web and application protection for users.
  • ID: Rule ID
  • User’s Policy Applied: Status of the application filter, web policy, AV and AS scanning, NAT policy and route through gateway, where configured.

To view details of the Source, Destination, What (type of service) and Features, hover over the Features.
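The filter view described above (Rule Type, Source Zone, Destination Zone, State, Rule ID, plus the IPv4/IPv6 toggle) and the per-rule details listed in this section describe the same set of attributes. The following is an added example, not Sophos code and not an SFM export format: it models a rule with those attributes, applies the page's filters to a constructed rule list, and adds two review heuristics of its own (enabled-but-unused rules, and WAN-originated Accept rules without IPS). The field names, the interpretation of Changed/New as "since last synchronization", the AND-combination of filter criteria and the sample rules are all assumptions made for this example.

```python
"""Filter and audit a firewall rule list the way the SFM Firewall page does.

Added example, not Sophos code. The FirewallRule fields mirror the columns the
page describes (rule type, IPv4/IPv6, source and destination zone, state, action,
IPS feature); the field names and the sample rules are constructed here and are
not an SFM export format.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

ZONES = {"LAN", "WAN", "DMZ", "VPN", "WiFi"}
RULE_TYPES = {"Business", "User", "Network"}
STATES = {"Unused", "Disabled", "Changed", "New"}
ACTIONS = {"Accept", "Drop", "Reject"}


@dataclass(frozen=True)
class FirewallRule:
    rule_id: int
    name: str
    rule_type: str              # Business, User or Network
    ip_version: int             # 4 or 6
    source_zone: str
    destination_zone: str
    action: str                 # Accept, Drop or Reject
    enabled: bool = True
    unused: bool = False        # no traffic has matched the rule
    changed: bool = False       # assumption: edited since last synchronization
    new: bool = False           # assumption: added since last synchronization
    ips: bool = False           # Intrusion Prevention feature on the rule

    def __post_init__(self) -> None:
        # Reject records that use a zone, type or action the page does not define.
        for value, allowed in ((self.rule_type, RULE_TYPES), (self.source_zone, ZONES),
                               (self.destination_zone, ZONES), (self.action, ACTIONS)):
            if value not in allowed:
                raise ValueError(f"rule {self.rule_id}: {value!r} not in {sorted(allowed)}")
        if self.ip_version not in (4, 6):
            raise ValueError(f"rule {self.rule_id}: ip_version must be 4 or 6")

    def states(self) -> set:
        """State values the filter view matches on; Disabled follows from 'enabled'."""
        flags = set()
        if not self.enabled:
            flags.add("Disabled")
        if self.unused:
            flags.add("Unused")
        if self.changed:
            flags.add("Changed")
        if self.new:
            flags.add("New")
        return flags


def filter_rules(rules: Iterable[FirewallRule], *, ip_version: Optional[int] = None,
                 rule_type: Optional[str] = None, source_zone: Optional[str] = None,
                 destination_zone: Optional[str] = None, state: Optional[str] = None,
                 rule_id: Optional[int] = None) -> List[FirewallRule]:
    """Apply the Firewall page filters. Criteria left as None match every rule;
    criteria that are given are combined with AND (an assumption of this example)."""
    for value, allowed in ((rule_type, RULE_TYPES), (source_zone, ZONES),
                           (destination_zone, ZONES), (state, STATES)):
        if value is not None and value not in allowed:
            raise ValueError(f"unknown filter value {value!r}")
    matched = []
    for r in rules:
        if ip_version is not None and r.ip_version != ip_version:
            continue
        if rule_type is not None and r.rule_type != rule_type:
            continue
        if source_zone is not None and r.source_zone != source_zone:
            continue
        if destination_zone is not None and r.destination_zone != destination_zone:
            continue
        if state is not None and state not in r.states():
            continue
        if rule_id is not None and r.rule_id != rule_id:
            continue
        matched.append(r)
    return matched


def review_candidates(rules: Iterable[FirewallRule]) -> List[Tuple[int, str]]:
    """Rule hygiene checks on the same attributes. These heuristics belong to this
    example, not to SFM; findings are (rule_id, reason) in rule order."""
    findings = []
    for r in rules:
        if r.enabled and r.unused:
            findings.append((r.rule_id, "enabled but unused: candidate for removal"))
        if (r.enabled and r.action == "Accept" and r.source_zone == "WAN"
                and r.destination_zone in ("LAN", "DMZ") and not r.ips):
            findings.append((r.rule_id, "accepts WAN-originated traffic without IPS"))
    return findings


# Constructed sample rule list (not taken from any real SFM deployment).
SAMPLE_RULES = [
    FirewallRule(1, "Mail relay inbound", "Business", 4, "WAN", "DMZ", "Accept", ips=True),
    FirewallRule(2, "Staff web access", "User", 4, "LAN", "WAN", "Accept", ips=True, changed=True),
    FirewallRule(3, "Legacy vendor access", "Network", 4, "WAN", "DMZ", "Accept", unused=True),
    FirewallRule(4, "Guest WiFi to LAN", "Network", 4, "WiFi", "LAN", "Drop", new=True),
    FirewallRule(5, "Old VPN admin", "User", 6, "VPN", "LAN", "Accept", enabled=False),
]

if __name__ == "__main__":
    for r in filter_rules(SAMPLE_RULES, source_zone="WAN"):
        print(r.rule_id, r.name, sorted(r.states()))
    for rule_id, reason in review_candidates(SAMPLE_RULES):
        print(f"rule {rule_id}: {reason}")
```

The State filter is the one worth running regularly: a rule that shows as Unused but is still enabled widens the policy without doing any work, and a disabled rule that stays in the list is easy to re-enable by mistake. Pairing the Unused filter with the Source Zone filter set to WAN gives the same short list that review_candidates produces here.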

Click for the following options to appear:
  • Edit
  • Clone
  • Add User/Network Rule
  • Add Business Application Rule
  • Synchronize
  • Delete