Troubles with multiple virtual websites

Hi there,

Hope that someone can help me out; I am probably doing something stupid. I used to work with UTM and had no issues. I'm switching to XG v18 and it seems that no matter what I change, all virtual websites that I create are going to my Exchange server (so I could use owa.domain.com or www.domain.com and both would end up at my Exchange server). It's also strange that it constantly says the certificate is not valid, but I have a wildcard for *.domain.com and I specifically said so in the forward rule.

Attached is a screenshot of the rule. Would appreciate if anyone could point me in the right direction.

Regards,

Peter



  • Hello!

    I've moved your thread to the correct forum.

    Two questions:

    1. At the WAF rule, did you enable the option "Pass host header" under Advanced Options? (This option is useful if you have multiple web servers sharing the same IPv4+Port, and needs SNI in order to know where it should connect.)
    2. Is the Web Server you selected the correct one?

    Thanks.


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 GA @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall

  • Hi Prism,

    1) Yes, I have enabled 'Pass Host Header'.

    2) Yes. Right now I have added 2 web servers, Domoticz and my Exchange. I have added two rules (owa and autodiscover) pointing to the Exchange one, and the domoticz rule to the Domoticz server (as in the screenshot). If I go to owa.domain.com or domoticz.domain.com, I end up at the Exchange server both times. Also, it does not seem to use the certificate either, because I get an error about the self-signed Exchange certificate. The certificate is working; when I go to the fw.domain.com (the system itself) host, the certificate works fine.

    Thanks for moving the thread, sorry for misplacing it.

  • Since you're getting a self-signed certificate error, could you check DNS?

    Probably the DNS is pointing to the web server directly, and not the WAF; hence why you're getting the self-signed certificate error message.



  • It was working fine on the UTM. The DNS record domoticz.domain.com is pointing to the Sophos XG with a CNAME (just like owa.domain.com).

    It seems like all other hosts that point to the XG end up at the internal Exchange server. So I removed all the forward rules; it makes no change. It looks like they were not being used at all.

  • It was a NAT rule which forwarded all HTTPS requests to the exchange server. Not sure how it was added, but removing that one made everything work! Thanks for thinking along with me.
