Hosting a web site in XG firewall

I have a server in a DMZ zone that has been published for 9 years behind TMG2010. When I move it behind XG firewall I get error 403 forbidden when I access the site. I see traffic counting in the FW rule so it seems to be working. Looked through many docs and troubleshooting guides to no avail. Putting the server back at TMG works as normal. Is there some other setting I am missing?

  • Please post your firewall rule covering the server, it should be a business rule.

    Ian

  • In reply to rfcat_vk:

    Yes, it is a business rule;

  • In reply to Daniel Twinn:

    You are using a WAF.

    https://community.sophos.com/kb/en-us/124574

    Try to troubleshoot this with this KBA. 

  • In reply to LuCar Toni:

    This is the second attempt on a fresh install. Does the product need this type of diag? Yes, I looked at this. Web server logs show receiving calls, rule shows data accumulating, it just barks about no permission; set for no login or auth on site and it works fine elsewhere. I suspect it's an XG setting, just don't know which one.

  • In reply to Daniel Twinn:

    WAF is kinda complex to set up, because you need to understand what URL hardening is, what site path routing is, and the reverse authentication.

    There are a couple of guides on how to do it.

    https://community.sophos.com/kb/en-us/126470

    https://community.sophos.com/kb/en-us/122829

    https://community.sophos.com/kb/en-us/122828

  • In reply to LuCar Toni:

    I will take a look, thank you.

  • In reply to Daniel Twinn:

    Still no luck. Went over all these docs, added a new business rule, still not working correctly. Here is from the log of the rule:

    2019-02-19 15:45:13 Web Server Protection messageid="17071" log_type="WAF" log_component="Web Application Firewall" user="-" server="www.xx.com" src_ip="72.139.195.203" local_ip="192.168.0.32" protocol="HTTP/1.1" url="/dotnetnuke/ContactUs.aspx" query_string="" cookie="__utmz=80821778.1549162625.1.1.utmcsr=xx.com|utmccn=(referral)|utmcmd=referral|utmcct=/; .ASPXANONYMOUS=0fzmRiC8yolbUjui0wjqo7KbynFiVUoI58Z-o0KIoHwq2664CIel1Wl9BReA1VJmo8otxRbepfSeeY-1cvAI65rJJLBdvj9V53Gy19m3ShjN637q0; language=en-US; __RequestVerificationToken_L2RvdG5ldG51a2U1=pkJ-q0iR735w-c3yznM9pL4oKd7pTmqjR46wG-SScUlYO5xR8eGMfQ5sf_f8oX5lS_ZjBg2; __utma=80821778.1910479675.1549162625.1549162625.1550605920.2; __utmc=80821778; __utmt=1; __utmb=80821778.20.10.1550605920" referer="www.xx.com/.../ContactUs.aspx" method="GET" response_code="403" reason="-" extra="-" content_type="text/html" user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36" host="72.139.195.203" response_time="663" bytes_sent="436" bytes_received="963" fw_rule_id="11"
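
An added example, not part of the thread and not Sophos tooling: a small Python triage script for WAF log lines in the key="value" layout shown in the log above. It tallies denied requests by firewall rule, response code, reason and URL, and masks cookie and query-string values before a line is shared; the sample lines are constructed, and treating `cookie` and `query_string` as the fields to mask is an assumption.

```python
import re
from collections import Counter

# key="value" pairs as they appear in the WAF log line quoted in the thread.
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
SENSITIVE = {"cookie", "query_string"}  # assumption: fields to mask before sharing

# Constructed sample lines in the same layout (placeholder values, not from the thread).
SAMPLE_LOG = '''\
2019-02-19 15:45:13 Web Server Protection messageid="17071" log_type="WAF" server="www.example.test" src_ip="203.0.113.10" local_ip="192.0.2.32" url="/app/ContactUs.aspx" query_string="" cookie="session=abc123; language=en-US" method="GET" response_code="403" reason="-" extra="-" fw_rule_id="11"
2019-02-19 15:45:20 Web Server Protection messageid="17071" log_type="WAF" server="www.example.test" src_ip="203.0.113.10" local_ip="192.0.2.32" url="/app/Default.aspx" query_string="id=7" cookie="session=abc123" method="GET" response_code="200" reason="-" extra="-" fw_rule_id="11"
'''

def parse_line(line):
    """Return the key="value" fields of one WAF log line as a dict."""
    return dict(FIELD_RE.findall(line))

def redact(line):
    """Mask sensitive field values; cookie names are kept for debugging."""
    def mask(m):
        key, value = m.group(1), m.group(2)
        if key not in SENSITIVE or not value:
            return m.group(0)
        if key == "cookie":
            names = [p.split("=", 1)[0].strip() for p in value.split(";") if p.strip()]
            value = "; ".join(f"{n}=<redacted>" for n in names)
        else:
            value = "<redacted>"
        return f'{key}="{value}"'
    return FIELD_RE.sub(mask, line)

def summarize_denials(log_text):
    """Count 4xx/5xx responses by (fw_rule_id, response_code, reason, url)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        code = f.get("response_code", "")
        if code[:1] in ("4", "5"):
            counts[(f.get("fw_rule_id"), code, f.get("reason"), f.get("url"))] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize_denials(SAMPLE_LOG).items():
        print(n, key)
    print(redact(SAMPLE_LOG.splitlines()[0]))
```
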

  • In reply to Daniel Twinn:

    So a couple of things I see:

    Web server receives requests.

    When using a server ID utility (GRC.com), two things are different:

    1. Web server is Apache when behind XG but IIS when behind TMG, and it is IIS.

    2. In the server response, HTTP/1.1 200 OK, content length 323, when behind TMG, but it is 404 Not Found and length is 256 behind XG.

     

    No idea what to do about it.