I created a NAT in UTM for traffic coming from "Any" going to my externally accessible (external as in still on a corporate LAN, not on the Internet) IP, then change the destination to my test web server's IP, so a DNAT if you will. Doing this routes traffic from web.domain.com (again, using split DNS I created an entry for web.domain.com in our DNS zone which points to the external IP of Sophos UTM) directly to the web server using an internal LAN DMZ connection. Our internal network cannot get to the DMZ, it is only proxy'ed through Sophos UTM. This works like a charm, however I don't understand or maybe I'm missing the point on a Web Application Firewall setup. Since this traffic is directly passed to the web server via the NAT, it bypasses the WAF rules I've setup for this web server. Can someone help me understand how to get traffic from one IP correlated to an internal DMZ IP and pass it through the WAF without sending all the traffic via a NAT?
This thread was automatically locked due to age.
