Enrico 3 Posted November 23, 2023 Share Posted November 23, 2023 I've noticed this strange behaviour, steps to reproduce: 1- Create a higher priority Block firewall rule for any application, both directions, any protocol, insert all IP ranges to monitor. 2- Create a lower priority Ask firewall rule for any application, both directions, any protocol, insert all IP ranges to monitor. 3- Start a browser (or any kind of software that connects to both IP ranges). 4- Visit a website that use the Ask rule IP ranges and select "Remember until application quits". 5- Visit a website that use the Block rule IP ranges, all traffic is allowed! OR: 3- Start a browser (or any kind of software that connects to both IP ranges). 4- Visit a website that use the Block rule IP ranges, all traffic is blocked. 5- Visit a website that use the Ask rule IP ranges and select "Remember until application quits". 6- Visit again a website that use the Block rule IP ranges, all traffic is allowed! The same happens even without an Ask rule, every software requesting network traffic, without an existing dedicated firewall rule, once allowed it can bypass the block rule. IP filtering is my first layer of defence against threats and data theft, I'm really worried about this behaviour, do you have advices or suggestions? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,090 Posted November 23, 2023 Administrators Share Posted November 23, 2023 Please raise a support ticket for proper investigation of the issue. Link to comment Share on other sites More sharing options...
Enrico 3 Posted November 23, 2023 Author Share Posted November 23, 2023 Unfortunately, I can't open a ticket because of the captcha (I don't accept google's privacy policy). At this point I will opt for the solution I wanted to avoid: create allow and block rules for every software and remove the ask rules. Link to comment Share on other sites More sharing options...
Recommended Posts