Troubles with multiple virtual websites

Hi there,

Hope that someone can help me out, I am probably doing something stupid. I used to work with UTM and had no issues. I'm switching to XG v18 and it seems that no matter what I change, all virtual websites that I create are going to my exchange server (so I could use owa.domain.com or www.domain.com and both would end up at my exchange server). It's also strange that it constantly says the certificate is not valid, but I have a wildcard for *.domain.com and I specifically said so in the forward rule.

Attached is a screenshot of the rule. Would appreciate if anyone could point me in the right direction.

Regards,

Peter



  • Hello!

    I've moved your thread to the correct forum.

    Two questions:

    1. At the WAF rule, did you enable the option "Pass host header" under Advanced Options? (This option is useful if you have multiple web servers sharing the same IPv4+Port, and need SNI in order to know where it should connect.)
    2. Is the Web Server you selected the correct one?

    Thanks.


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 GA @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall

  • Hi Prism,

    1) Yes, I have enabled 'Pass Host Header'.

    2) Yes. Right now I have added 2 webservers, domoticz and my exchange. I have added two rules (owa and autodiscover) pointing to the exchange one, and the domoticz to the domoticz server (as in the screenshot). If I go to owa.domain.com or domoticz.domain.com, I end up at the exchange server in both cases. Also, it does not seem to use the certificate either, because I get an error about the self-signed exchange certificate. The certificate is working: when I go to the fw.domain.com (the system itself) host, the certificate works fine.

    Thanks for moving the thread, sorry for misplacing it.

  • Since you're getting a self-signed certificate error, could you check DNS?

    Probably the DNS is pointing to the Web Server directly, and not the WAF, hence why you're getting the self-signed certificate error message.


  • It was working fine on the UTM. The DNS domoticz.domain.com is pointing to the Sophos XG with a CNAME (just like owa.domain.com).

    It seems like all other hosts that point to the XG end up at the internal exchange server. So I removed all the forward rules, and it made no change. It looks like they were not being used at all.

  • It was a NAT rule which forwarded all HTTPS requests to the exchange server. Not sure how it was added, but removing that one made everything work! Thanks for thinking along with me.
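
The symptom in this thread (every hostname showing the backend's self-signed certificate instead of the wildcard one) can be checked from a client by comparing certificate fingerprints per hostname. The following is an added example, not part of the original thread and not Sophos code; the function names, the server label `exchange` and the sample fingerprints are constructed assumptions.

```python
import hashlib
import socket
import ssl


def leaf_fingerprint(address, sni, port=443, timeout=5.0):
    """SHA-256 of the certificate presented at address:port for the SNI name."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # accept untrusted certs so we can inspect them
    with socket.create_connection((address, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()


def classify(observed, waf_fp, backend_fps):
    """Map each hostname to 'waf', 'bypass:<server>' or 'unknown'."""
    verdicts = {}
    for name, fp in observed.items():
        owner = next((srv for srv, b in backend_fps.items() if b == fp), None)
        if fp == waf_fp:
            verdicts[name] = "waf"
        else:
            verdicts[name] = f"bypass:{owner}" if owner else "unknown"
    return verdicts


def catch_all_target(verdicts):
    """Server that every hostname lands on directly, or None.

    Several names all bypassing to one server is what a port-forward/NAT rule
    matching ahead of the WAF rules looks like from the outside.
    """
    targets = set(verdicts.values())
    if len(verdicts) > 1 and len(targets) == 1:
        target = targets.pop()
        if target.startswith("bypass:"):
            return target.split(":", 1)[1]
    return None


# Constructed sample values (not real certificates): stand-in fingerprints.
WILDCARD_FP = hashlib.sha256(b"constructed wildcard cert").hexdigest()
BACKENDS = {"exchange": hashlib.sha256(b"constructed exchange self-signed").hexdigest()}
BROKEN = {"owa.domain.com": BACKENDS["exchange"],
          "domoticz.domain.com": BACKENDS["exchange"]}
FIXED = {name: WILDCARD_FP for name in BROKEN}

if __name__ == "__main__":
    print(catch_all_target(classify(BROKEN, WILDCARD_FP, BACKENDS)))
    print(catch_all_target(classify(FIXED, WILDCARD_FP, BACKENDS)))
```

For a live check, fill `observed` with `leaf_fingerprint(<firewall address>, <hostname>)` for each published name, and take the backend fingerprints from inside the LAN by connecting to each web server directly.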