This discussion has been locked.

Publication website

 

Hello,

So I have the previous DNAT rule, but when I replace Any with a Host Group that contains public IP addresses, even those public IP addresses no longer have access to the website.

Is there a specific configuration to allow only certain public IP addresses to access the website?



  • Hi Alexis,

    You're on the right track.  Start with #1 in Rulz and show us any relevant line from the Firewall log file (not the Live Log).  Confirm that your Host definitions don't violate #3 in Rulz.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • The previous NAT rules do not use the same public IP addresses or the same protocols, so there is no risk of conflict.

  • Understood, but ...

    #3 in Rulz warns against binding a Network/Host definition to a particular Interface.  Do the Host objects in the Host Group all have 'Interface: <<Any>>'?

    Cheers - Bob

  • To define the public IPs allowed access, I use an Availability Group; shouldn't I use a Network Group?

  • Well, the Availability Group returns only the first available IP.

    The Network Group returns all of the IPs of the Hosts and Networks in the Group.  With an Availability Group, the UTM queries the Hosts in order from top to bottom.  As soon as it sees that the Host is alive (by default, a ping), it returns only that IP and does not query any further Host.

    Cheers - Bob

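Added example, not part of the original thread and not Sophos code: a small Python model of the two group types as described in the reply above, showing which client source IPs would match a DNAT rule when each group is used as the traffic source. The addresses, the `ping_check` helper and the empty result when no Host answers are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample data (documentation address ranges), not from the thread.
ALLOWED_HOSTS = ["198.51.100.10", "203.0.113.25", "192.0.2.77"]
PING_REPLIES = {"203.0.113.25", "192.0.2.77"}  # hosts that answer the check
CLIENTS = ALLOWED_HOSTS + ["192.0.2.200"]      # last client is not in the group


def resolve_network_group(members):
    """Network Group: returns the IPs of all Hosts and Networks in it."""
    return [ip_network(m) for m in members]


def resolve_availability_group(members, is_alive):
    """Availability Group: query top to bottom, return only the first live Host."""
    for member in members:
        if is_alive(member):
            return [ip_network(member)]
    return []  # assumption of this model: no live Host, nothing to match


def permitted(clients, resolved):
    """Clients whose source IP falls inside the resolved source object."""
    return [c for c in clients if any(ip_address(c) in n for n in resolved)]


def ping_check(host):
    """Hypothetical stand-in for the default availability check (a ping)."""
    return host in PING_REPLIES


if __name__ == "__main__":
    net = resolve_network_group(ALLOWED_HOSTS)
    avail = resolve_availability_group(ALLOWED_HOSTS, ping_check)
    print("Network Group source matches:     ", permitted(CLIENTS, net))
    print("Availability Group source matches:", permitted(CLIENTS, avail))
```

In this model the first Host in the list does not answer the check, so the Availability Group resolves to the second Host only and the other listed clients no longer match the rule.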
  • All right, still nothing. Could the web proxy be the cause?

  • Web Filtering doesn't get a shot at traffic inbound from the Internet.  If you were having trouble with traffic from your LAN(s), I would recommend Accessing Internal or DMZ Webserver from Internal Network.

    In this case, I think you've proven that the web server either does not have the UTM as its default gateway or that it's blocking traffic that doesn't come from its local subnet.  Any luck with that?

    Cheers - Bob
