Routing problem with Web Application Firewall (virtual web server)


I am new to this community and am trying my first troubleshooting on a UTM 8.


My setup:

Internet provider: German Telekom

Router: Bintec Elmeg / Digitalisierungsbox Premium, WAN-IP fixed, LAN-IP

Port forwarding on Router: exposed host on UTM 8 (, 80 on UTM 8, 443 on UTM 8

UTM8: Set up as Firewall and DNS-Forwarder, now trying to run reverse-proxy for internal web-server 
- WAN-interface (eth1)
- LAN-interface (eth0) (=gateway for network)
VirtualWebServer on WAN-Interface (https&reconnect) with Let's Encrypt refers to webserver

VirtualWebServer on LAN-Interface (https&reconnect) with Let's Encrypt refers to webserver

example.domain.tld refers to fixed external IP

webserver: IP port 80

DNS: resolves example.domain.tld to external IP (So far no split DNS configured)


External http/https-requests work perfectly.

Internal requests are not going to reverse-proxy (VirtualWebServer) nor do they reach webserver. Web-frontend of the router shows up, when trying to access example.domain.tld.

Somehow the http/https-request from seems to get malrouted to Can anybody help me?

Thank you in advance!

  • Hi  

    What is the firmware version of the Sophos UTM? I ask this because UTM8 has been end of life for a long time now.

  • In reply to Jaydeep:

    I'm sorry: It's a UTM 9. Firmware is 9.700-5.

    Since yesterday I found a "workaround" that does not really solve the problem but works particularly: I added a DNS-hostname to my internal server's entry.

    Still I think that my router outside my protected network should not answer the https-requests from the internal network. 

  • In reply to Johannes Neimann:

    Hallo Johannes and welcome to the UTM Community!

     sounds like you found the best solution.

    Cheers - Bob