Question about configuring rules for Sophos/Astaro Firewall

iroc409

I just installed Sophos UTM 9 tonight, and so far I'm impressed. I'm used to Untangle and the way it creates firewall rules, which are mostly bound to the interface. Sophos uses more network/IP-based definitions by default.

I am curious if I should make a network definition for each interface, such as:

Type: Network
IPv4 Address: 0.0.0.0
Netmask: /0 (0.0.0.0)
Advanced --> Interface: <choose interface> (i.e. Internal, WAN, etc)

Or, are their created/existing definitions sufficient for firewall protection?

Such as:

External (WAN) (Network) xx.xxx.xxx.xxx/xx
Attached network of interface "External (WAN)"

Internal (Network) 192.168.2.0/24
Internal Network

I can attach some screenshots, but hopefully someone familiar with Sophos will understand what I am getting at. I have in the past had "block all" rules between interfaces. I have 3 interfaces right now: external/WAN, Wireless, & Internal (the Wireless is on a different subnet).
 
Not related, but I also came from the Untangle UTM side and started to use Sophos. It got me that it blocks outbound by default, which was kinda nice.
 
So far it's working great, after working out a few bugs with application control. But, for some reason, I can't for the life of me get the "wireless" interface out to the internet.

I used a block rule that basically says "any any to any", so I figure that should cover the bases.
 
"which are mostly bound to the interface. Sophos uses more network/IP-based definitions by default."

In UT you can bind it to any interface you want or use IPs / ranges / subnets... always have been able to.

For me, I remove any pre-made rules

Block all *

then let in / out what I need.
 