Display 'hidden' firewall rules on the firewall page
This idea comes from a post I made about a week ago which you can see here:
Basically, it would be very useful if we could see ALL firewall rules on the 'Firewall' page and not just user created rules. For example, if I enable 'User Portal' on WAN (which is enabled by default) from the 'Device Access' tab on the 'Administration' page, there's a firewall rule being created "behind the scenes" (i.e. can't see it from the Firewall page) to open port 443.
The Firewall page should show all firewall rules regardless if they are created by the user or system. They should show in their correct position with an option to 'Hide system generated rules' (or something along those lines).
Logged a related "idea" to allow ACLs when using a "Deny All" Firewall Rule:
Essential Also should be able to modify these rules - as per the example Allow Admin on WAN - but *only* from certain IP addresses
It should be available at least for purposes of troubleshooting. Although it would be just another log / list / table to check, perhaps it could be made available in the webAdmin diagnostics section. or only to admin user logins.
Matt Jereb commented
Similar as it already exists in SG (UTM)
Sean Hancock commented
Hmm, i feel this would just clutter the already difficult to use firewall rules page, if this becomes a feature it should be a toggle so it can be disabled.
administration - device access is has worked fine for us to manage the "hidden rules" and if we ever had issues the packet capture would lead us there and problem solved
Yudhin Acharya commented
required. agreed. all rules should be visible.
A 30 years old "idea" available standard on all firewalls I'm aware of ...
This is nearly a must have - sure we've gotten by without it but not at the expense of a lot of wasted time and errant testing. Implementing this would go a massive way towards empower users to provide better feedback to Sophos.