WAF real webserver over HTTPS and certificates

Hi,

Do I understand it right that with a real webserver and a virtual webserver both using HTTPS two certificates are used?
Like Nginx uses its own SSL-certificate and the domain has another one on Sophos UTM for the virtual webserver.
Is in that case DNAT a better way than WAF?

Maybe somebody can explain the concepts.

Ralph



  • Not exactly. 1) Configure the real webserver with a certificate. 2) Export the certificate chain with the private key and a password. 3) Import the certificate into UTM and configure it on the virtual webserver. Now UTM can impersonate the real server.
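
One way to produce the password-protected export from step 2 with OpenSSL, as an added example that is not part of the original reply. It assumes the real webserver's certificate, unencrypted private key and CA chain are PEM files and that the bundle is imported as PKCS#12; the function names and the `P12_PASS` variable are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. All file names are placeholders.
# The bundle password is read from the exported variable P12_PASS so that it
# never appears on a command line.

# Succeeds only if the private key ($2) belongs to the certificate ($1),
# by comparing the public key derived from each.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_p12 server.pem server.key chain.pem out.p12
# Bundles certificate, key and CA chain into a password-protected PKCS#12 file.
make_p12() {
    key_matches_cert "$1" "$2" || {
        echo "private key does not match certificate" >&2
        return 1
    }
    # umask in a subshell: the bundle holds the private key, keep it owner-only.
    ( umask 077
      openssl pkcs12 -export -in "$1" -inkey "$2" -certfile "$3" \
          -out "$4" -passout env:P12_PASS )
}

# Number of certificates in the bundle (leaf plus chain).
p12_cert_count() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Number of private keys in the bundle (expected: 1). The key is decrypted
# only into the pipe and is not written to disk.
p12_key_count() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
        grep -c 'BEGIN.*PRIVATE KEY'
}
```

Once the import has succeeded, delete the bundle file from the workstation, since it contains the server's private key.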

  • How is this related to your other question about using nginx in line with WAF?  Should these two threads be merged?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • In a way it is related. I reconfigured Seafile now to use Nginx as reverse proxy over DNAT.
    Of course it makes no sense to use two reverse proxies in a row. But the alternative to use WAF instead did not work. I.e. if I define the real webserver to use port 8000 of Seafile and another one to talk to port 8082 of Seahub it does not work. Are only port 80 and port 443 allowed for real webservers?

    Best - Ralph

  • Could you help my ignorance?    I thought SEA meant Sophos Enterprise Appliance, and that it only does Email filtering.   Does it do more, or am I confused because SEA and SEAFILE are very different products? 

  • I'd never heard of seafile before, Doug.  The Sophos Enterprise Console can manage several things including the classic Sophos Endpoint product (not cloud or UTM) and the Sophos Mail Appliances.

    The Mail Appliance does a much better job with SPX than does the UTM.

    Cheers - Bob

  • Just for the record: Seafile is a very performant alternative to the Owncloud software.