I have a server in a DMZ zone that has been published for 9 years behind TMG2010. When I move it behind the XG firewall I get error 403 Forbidden when I access the site. I see traffic counting in the FW rule so it seems to be working. Looked through many docs and troubleshooting guides to no avail. Put the server back at TMG and it works as normal. Is there some other setting I am missing?
Please post your firewall rule covering the server, it should be a business rule.
In reply to rfcat_vk:
Yes, it is a business rule.
In reply to Daniel Twinn:
You are using a WAF.
Try to troubleshoot this with this KBA.
In reply to LuCar Toni:
This is the second attempt on a fresh install. Does the product need this type of diag? Yes, I looked at this. Web server logs show it receiving calls, the rule shows data accumulating, it just barks about no permission. It is set for no login or auth on the site and it works fine elsewhere. I suspect it's an XG setting, I just don't know which one.
WAF is kind of complex to set up, because you need to understand what URL hardening is, what site path routing is, and reverse authentication.
There are a couple of guides on how to do it.
I will take a look, thank you.
Still no luck. Went over all these docs, added a new business rule, still not working correctly. Here is the log of the rule:
2019-02-19 15:45:13Web Server Protectionmessageid="17071" log_type="WAF" log_component="Web Application Firewall" user="-" server="www.xx.com" src_ip="220.127.116.11" local_ip="192.168.0.32" protocol="HTTP/1.1" url="/dotnetnuke/ContactUs.aspx" query_string="" cookie="__utmz=80821778.1549162625.1.1.utmcsr=xx.com|utmccn=(referral)|utmcmd=referral|utmcct=/; .ASPXANONYMOUS=0fzmRiC8yolbUjui0wjqo7KbynFiVUoI58Z-o0KIoHwq2664CIel1Wl9BReA1VJmo8otxRbepfSeeY-1cvAI65rJJLBdvj9V53Gy19m3ShjN637q0; language=en-US; __RequestVerificationToken_L2RvdG5ldG51a2U1=pkJ-q0iR735w-c3yznM9pL4oKd7pTmqjR46wG-SScUlYO5xR8eGMfQ5sf_f8oX5lS_ZjBg2; __utma=80821778.1910479675.1549162625.1549162625.1550605920.2; __utmc=80821778; __utmt=1; __utmb=80821718.104.22.1680605920" referer="www.xx.com/.../ContactUs.aspx" method="GET" response_code="403" reason="-" extra="-" content_type="text/html" user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36" host="22.214.171.124" response_time="663" bytes_sent="436" bytes_received="963" fw_rule_id="11"
So a couple of things I see:
The web server receives requests.
When using the server ID utility (GRC.com), two things are different:
1. The web server is Apache when behind XG but IIS when behind TMG, and it is IIS.
2. In the server response, HTTP/1.1 200 OK content length 323 when behind TMG, but it is 404 Not Found and length is 256 behind XG.
No idea what to do about it.
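For anyone triaging the same symptom from the rule log: the WAF entry quoted above is a timestamp followed by `key="value"` pairs, so the denied requests can be grouped by status code, `reason` and URL to see which paths are refused and whether the log names a reason. This is an added example, not part of the original posts and not Sophos code; the sample lines are constructed in the same layout, with placeholder hosts and the cookie omitted, and the function names are hypothetical.

```python
import re
from collections import Counter

# key="value" pairs as they appear in the WAF log line quoted in the thread.
# Assumes fields are whitespace-separated (the pasted line has a UI label
# fused onto the timestamp; export the raw log rather than copying the view).
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
TS_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})')

# Constructed sample lines (placeholder addresses and hostnames).
SAMPLE_LOG = '''\
2019-02-19 15:45:13 messageid="17071" log_type="WAF" server="www.example.test" src_ip="203.0.113.10" local_ip="192.168.0.32" url="/dotnetnuke/ContactUs.aspx" method="GET" response_code="403" reason="-" fw_rule_id="11"
2019-02-19 15:45:20 messageid="17071" log_type="WAF" server="www.example.test" src_ip="203.0.113.10" local_ip="192.168.0.32" url="/dotnetnuke/ContactUs.aspx" method="GET" response_code="403" reason="-" fw_rule_id="11"
2019-02-19 15:45:21 messageid="17071" log_type="WAF" server="www.example.test" src_ip="203.0.113.10" local_ip="192.168.0.32" url="/favicon.ico" method="GET" response_code="404" reason="-" fw_rule_id="11"
2019-02-19 15:46:02 messageid="17071" log_type="WAF" server="www.example.test" src_ip="203.0.113.11" local_ip="192.168.0.32" url="/" method="GET" response_code="200" reason="-" fw_rule_id="11"
'''

def parse_line(line):
    """Return the line's fields as a dict, plus a 'timestamp' key."""
    fields = dict(FIELD_RE.findall(line))
    m = TS_RE.match(line)
    fields["timestamp"] = m.group(1) if m else None
    return fields

def summarize_denied(log_text):
    """Count 4xx/5xx WAF entries by (response_code, reason, url)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("log_type") != "WAF":
            continue  # skip non-WAF or malformed lines
        code = f.get("response_code", "")
        if code[:1] in ("4", "5"):
            counts[(code, f.get("reason", "-"), f.get("url", ""))] += 1
    return counts

def rules_with_denials(log_text):
    """Firewall rule IDs that produced at least one 4xx/5xx entry."""
    parsed = (parse_line(l) for l in log_text.splitlines())
    return sorted({f["fw_rule_id"] for f in parsed
                   if f.get("response_code", "")[:1] in ("4", "5")
                   and "fw_rule_id" in f})

if __name__ == "__main__":
    for (code, reason, url), n in summarize_denied(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {code}  reason={reason}  {url}")
```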