I'm attempting to set up Sophos UTM as Webserver protection, right now behind a different firewall, and running into issues. Looking at Sophos I may just use it as the main firewall in the future, but for now it has to be behind another as reverse proxy.
Main firewall - 10.1.1.9
Sophos - one NIC (I think as bridge mode?), 10.1.1.8
Webserver - 10.1.1.16
I have the main firewall forwarding port 80 traffic to Sophos.
In Sophos I've set up the real and virtual webservers. I have Pass host header enabled in the virtual web server. In Network Protection I've set up a firewall rule allowing port 80 traffic from any source to the Internal network.
At present I have no NATs set up as some of the documentation I was reading said NATs would effectively bypass the Webserver Protection.
On the webserver I've set up Sophos as Trusted Proxy, mostly so the real IPs will come through.
On Sophos I do see web traffic coming into the box, but the websites do not come up. I don't see the web traffic in the access or error logs of the webserver. I haven't done any network sniffing yet to see if they are getting there. The live web server protection logs don't show any sort of logging to indicate traffic.
Can anyone point me in the right direction, some documentation or how-tos? I'm stuck. I appreciate any help.
1) I do not believe that you do not have bridge mode. Bridge mode looks like this:
Switch --- UTM --- Firewall
Two (or more) physical interfaces are bound together as one logical interface to UTM. Everything going to the firewall has to pass through UTM.
From your description, you have this:
Switch --- UTM \____________ Firewall
In this mode, UTM only sees traffic that targets one of its addresses, so it can only do Standard Mode functions. For more detail on Standard and Transparent mode functions, see this post:
2) Basic process that I use for configuring a webserver:
On a test machine with an internal IP address
On the firewall
Hi Scott and welcome to the UTM Community!
Do you see anything in the WAF log that would indicate that it's processing the incoming requests? Please show pictures of the Edits of the Interface definition, the Virtual Server, Real Server and the Host object in the real server.
Cheers - Bob