Please add back the Drop Silently feature
Port 80 and Port 443 can’t be silently dropped by the firewall & logs incorrectly report traffic as “Accepted.” Even traffic that is "Dropped" gets a response from the firewall.
Firstly, this is nonsensical. After weeks of back and forth, Sophos support told us this is the intended behavior. Sadly, this behavior makes the log files misrepresent the action taken; all traffic that gets a "Drop" action shows as "Accept" in the logs.
Secondly, it removes the first layer of protection. Normally we use "Drop" to silently hide from unwanted traffic and potential attackers; this "new feature" Sophos added eliminates that first line of defense.

1 comment
Jim commented
PS if there is a great benefit to the Sophos approach of forwarding everything to a proxy (what's causing all this according to Sophos Support) please let me know.