
Web Application Firewall - Real webserver "in error"

I am trying to set up a Web Application Firewall on my Sophos UTM 9. I've configured some real webservers and one virtual webserver. In the virtual webserver, an icon that says "in error" always appears on the left. I get nothing in the logs. What could cause this problem?


This thread was automatically locked due to age.
  • Please [Go Advanced] below and attach a picture of the Edit of your Virtual Server.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Here is the picture of my configuration.
  • You haven't selected a 'Firewall profile'.  Is there a reason you're using the IP instead of an actual FQDN in 'Domains'?

    Cheers - Bob
     
  • I've also tried it with a firewall profile and it did not work either. I've entered the IP because I want to test this function first before I use it in production.
  • Just go ahead and use the actual domain and select the "Basic Protection" firewall.  There's no danger in experimenting with a production server as you're using the internal interface and port 5555.

    Any luck?

    Cheers - Bob
     
  • Is the "real" server actually up and able to serve pages?  What does the WAF log show?

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • I've now selected the "Basic Protection" profile and entered the www address of my Firewall and switched to the external interface, but it still doesn't work. The "Web Application Firewall" log is 0 bytes. The Ubuntu webserver does work. I've also tried to forward to my Windows IIS Server, but that didn't work either. It is weird that nothing is logged. Should not at least the start of the Web Application Firewall appear in the log?
  • To use the External interface from inside the "Internal (Network)", you would need a Full NAT (Accessing Internal or DMZ Webserver from Internal Network).  On second thought, I don't believe this would work at all to get traffic to the WAF - I think you have to use the approach with the Internal interface if accessing from the Internal network.

    It will be easier and a better test to use the Internal interface and create a DNS entry for the FQDN pointing at the IP of "Internal (Address)".

    Cheers - Bob
     
  • Do you have any NAT rules configured that may conflict with this?


  • I have only 4 NAT rules (HTTP, HTTPS, IMAP, IMAPSSL). I don't think that those could cause this problem. I now configured the "Internal (Address)" again and tried to connect over the internal FQDN, but that also doesn't work.