
Multiple domain forwarding 1 Public IP

Hi People,

Can someone advise how to configure XG Firewall for the following scenario?

environment:

1 Public IP
2 different domains (each domain A record points to public IP)
2 different web servers

Goal:

Domain A hits public IP of (XG Firewall) and forwards to server 1
Domain B hits public IP of (XG Firewall) and forwards to server 2

Is there a way to configure that without using WAF?

Thanks,

Rafal



  • Thank you for clarifying this. It works with different WAF rules for each server/domain!

    I had trouble with my browser cache so things were not running as they should.

  • I have another question/issue regarding this topic.

    Besides the two WAF rules I need a DNAT rule for port 443. The WAF rules have a higher priority, so the DNAT rule will be the last one to be processed ("fallback").

    For example, I have the following domains (all on the same public IP), rules and servers:

    - prio1 > domain: waf1.domain.com > rule: waf1 443 rule > server-waf1

    - prio2 > domain: waf2.domain.com > rule: waf2 443 rule > server-waf2

    - prio3 > domain: dnat1.domain.com / dnat2.domain.com > rule: dnat 443 > server-fallback


    The problem is, the two "dnat1/2" subdomains will be processed by rule "waf2 443" and it returns a 403 HTTP error. This error shows up in the log "/log/reverseproxy.log":

    [Thu Feb 27 15:51:35.073229 2020] [url_hardening:error] [pid 47656:tid 140695402669824] [client xxx.xxx.xxx.xxx:58401] Hostname in HTTP request (dnat2.domain.com) does not match the server name (waf2.domain.com), referer: https://dnat2.domain.com/

    [Thu Feb 27 15:51:35.073091 2020] timestamp="1582815095" srcip="xxx.xxx.xxx.xxx" localip="192.168.0.2" user="-" host="xxx.xxx.xxx.xxx" method="GET" statuscode="403" reason="-" extra="-" exceptions="-" duration="250" url="/favicon.ico" server="dnat.domain.com" referer="https://dnat.domain.com/" cookie="-" set-cookie="-" recvbytes="494" sentbytes="429" protocol="HTTP/1.1" ctype="text/html" uagent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36" querystring="" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" ruleid="2"

    Why is rule "waf2 443" processed at all when the server name does not match?


    Thank you
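An added example, not code from this thread or from Sophos: a small Python script that parses the two line forms shown in the reply above (the `[url_hardening:error]` message and the `key="value"` access entry from `/log/reverseproxy.log`) and flags requests that the WAF answered for a hostname that has no WAF rule of its own, i.e. requests that were expected to fall through to the DNAT rule. The sample log text is constructed from the quoted lines with documentation-range IP addresses; the set of WAF hostnames passed to `find_misrouted_hosts` is an assumption that mirrors the rule list in the post.

```python
import re

# Constructed sample, modelled on the two reverseproxy.log lines quoted in the post.
SAMPLE_LOG = """\
[Thu Feb 27 15:51:35.073229 2020] [url_hardening:error] [pid 47656:tid 140695402669824] [client 203.0.113.10:58401] Hostname in HTTP request (dnat2.domain.com) does not match the server name (waf2.domain.com), referer: https://dnat2.domain.com/
[Thu Feb 27 15:51:35.073091 2020] timestamp="1582815095" srcip="203.0.113.10" localip="192.168.0.2" user="-" host="203.0.113.10" method="GET" statuscode="403" reason="-" extra="-" exceptions="-" duration="250" url="/favicon.ico" server="dnat.domain.com" referer="https://dnat.domain.com/" cookie="-" set-cookie="-" recvbytes="494" sentbytes="429" protocol="HTTP/1.1" ctype="text/html" uagent="Mozilla/5.0" querystring="" ruleid="2"
[Thu Feb 27 15:52:01.000000 2020] timestamp="1582815121" srcip="203.0.113.11" localip="192.168.0.2" user="-" host="203.0.113.11" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" duration="12" url="/" server="waf2.domain.com" referer="-" cookie="-" set-cookie="-" recvbytes="300" sentbytes="1200" protocol="HTTP/1.1" ctype="text/html" uagent="Mozilla/5.0" querystring="" ruleid="2"
"""

# key="value" pairs; keys such as set-cookie contain a hyphen.
KV_RE = re.compile(r'([\w-]+)="([^"]*)"')

# The url_hardening message: requested hostname vs. the server name of the WAF rule that handled it.
MISMATCH_RE = re.compile(
    r"Hostname in HTTP request \(([^)]+)\) does not match the server name \(([^)]+)\)"
)


def parse_access_entry(line: str) -> dict:
    """Parse the key="value" access-log form of a reverseproxy.log line into a dict.

    Returns an empty dict for lines that are not in that form (e.g. module error lines).
    """
    return dict(KV_RE.findall(line))


def parse_hardening_error(line: str):
    """Return (requested_host, waf_server_name) for a url_hardening mismatch line, else None."""
    m = MISMATCH_RE.search(line)
    if not m:
        return None
    return m.group(1), m.group(2)


def find_misrouted_hosts(log_text: str, waf_hosts) -> list:
    """Scan log text and report requests the WAF handled for hosts outside waf_hosts.

    waf_hosts is the set of hostnames that have their own WAF rule (an assumption
    supplied by the caller). Two kinds of finding are produced:
      - hostname_mismatch: a url_hardening error naming the requested host and the
        WAF rule's server name that it was compared against;
      - unexpected_server: an access entry whose "server" field is not a WAF host,
        meaning the reverse proxy (not the DNAT rule) answered that request.
    """
    waf_hosts = set(waf_hosts)
    findings = []
    for line in log_text.splitlines():
        mismatch = parse_hardening_error(line)
        if mismatch:
            requested, expected = mismatch
            findings.append({
                "kind": "hostname_mismatch",
                "requested_host": requested,
                "waf_server_name": expected,
            })
            continue
        entry = parse_access_entry(line)
        if "server" in entry and "statuscode" in entry and entry["server"] not in waf_hosts:
            findings.append({
                "kind": "unexpected_server",
                "requested_host": entry["server"],
                "status": entry["statuscode"],
                "ruleid": entry.get("ruleid"),
                "url": entry.get("url"),
            })
    return findings


def summarize(findings: list) -> dict:
    """Count findings per requested hostname, so a recurring misroute stands out."""
    counts: dict = {}
    for f in findings:
        counts[f["requested_host"]] = counts.get(f["requested_host"], 0) + 1
    return counts


if __name__ == "__main__":
    # Hostnames that have their own WAF rule in the post's example (assumed).
    waf_rule_hosts = {"waf1.domain.com", "waf2.domain.com"}
    for finding in find_misrouted_hosts(SAMPLE_LOG, waf_rule_hosts):
        print(finding)
    print(summarize(find_misrouted_hosts(SAMPLE_LOG, waf_rule_hosts)))
```

Run it against a copy of `/log/reverseproxy.log` by replacing `SAMPLE_LOG` with the file contents; a steady stream of `unexpected_server` findings with status 403 and a WAF `ruleid` for your DNAT-only hostnames is the log-side signature of the behaviour described in the reply.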