What about WAF?

Does XG have WAF caoability?   If so, how does it compare to UTM?   If not, what are you using in place of UTM WAF?

  • Hi Douglas and welcome to the XG forum,

    here is an example of the starting point for WAF.

    I hope this is the information you are after?


  • Only thing I can say is ... wait.  WAF on XG will manage very basic HTTPS hosting (HTTPS Port Forwarding).  You cannot do what everyone understand as "Port Forwarding" easily on XG.  XG is not there yet.  Two years from now.  Not before v20.

    Unless ... 

    1. You really are familiar deeply with Linux and CLI.  Particularly CLI at networking.  XG is just an interface to a collection of Linux & Open Source netwotk utilities.  You can consequently do more with CLI.  You need CLI to view logs, because the log viewer in XG just do not do it.  
    2. You have months of available time to work on this.  You may be familiar with those Open Source utilities:  www.strongswan.com (VPN), https://www.exim.org/ (MTA), ET.c.  In such a case go ahead.
    3. You have plan B, C and D.  Like two complete firewalls sets, so that if one thing just don't work, you can bring back the old firewall kits while waiting for fixes.
    4. Your set-up is particularly simple.

    Or maybe you are simply very adventurous.

    Paul Jr 

  • In reply to Big_Buck:

    XG has the same module build in like UTM9.5 has. 

    Same behavior and limitation like UTM. Plus there are some "little" features like websocket bypass, which is missing in UTM. 


  • In reply to LuCar Toni:

    Anyone knows when a full featured "Port Forwarding" will be implemented ?

    Paul Jr

  • In reply to Big_Buck:

    What do you need?

    DNAT, SNAT, Full NAT, 1:1 NAT? All those are implemented in XG.