
WAF Inspection

Hello Community. 

Is there any information that the Sophos XG appliance is inspecting traffic between Sophos ----> Server?

Simple scenario:

[WAN INTERNET] --------> (SophosXG_WAF Rule) -------> "Synology Server with a few services on non standard ports"

Synology is configured to use only HTTPS traffic. On the Sophos XG I do have a certificate configured for these WAF rules, but for example:

I can't see any logs for rule #32 - as in the screenshot.

Rule #31 - logs are available

Other rules - Nope, log section is showing "N/A"

My goal is to be sure that Sophos is inspecting everything that is trying to pass to the DST server ;)

Thank you for your help.



  • As there is no NAT rule allowing this traffic (I think/hope that is so), all inbound traffic has to use your WAF rules to reach the DST server.

    As you can see the traffic within logviewer/WAF ... this is so.

    But there are options to configure WAF without protection ... you have to configure and use "good" WAF-policies.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • I'm not sure what you are trying to explain by saying "As there is no NAT rule". Well, configuring WAF NAT must be made by design? To be clear, I can reach all 3 ports. But only one is shown in the logs, and also I think that there is no protection. I've been testing it.

    __________SETUP___________

    HP Small Form Factor:  i5 4Cores, 8Gb of RAM.
    Intel Network Card 5x Eth
    SSD: 256Gb

  • Which version do you use?

    I run version 18.0 and 18.5 and have no additional NAT rules anymore ...

    I think you created 3 WAF rules for the 3 ports? (You posted only the rule for port 10003.)


    Dirk


  • I did post 3 rules, respectively 7, 8, 9. I'm using 18.5. What do you mean by "have no additional NAT rule"?

    I assume you don't mean a NAT in the NAT policy section?

  • What I mean is:
    No NAT rules within NAT policy section, which affect the same traffic as your WAF rules.
    With Ver. 17.x.x there were "linked NAT rules" to the WAF rules.
    Sometimes we find residues that cause errors.


    Dirk


  • Oh really, that might be an issue. Cuz as I remember, I did create a NAT rule for WAF (manually). This is how it looks now:

    So I assume I must delete it and recreate the WAF rule with the linked one which is created automatically?


  • Since 18.0 / 18.5 we do not need a NAT rule for WAF anymore ...


    Dirk


  • Well, a big thanks for your help. I didn't know that NAT isn't needed while WAF is configured, or maybe I forgot. So now I'm struggling to set it up, cuz I've got tons of false positive alerts ;)
