This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

access https

hi 

i have two server using https mail server and web server when i want to access from outside to the sever web it load always the mail server, and when i change port to 80 it work but i want to use https for web server.

pls any help i have sophos xg with SFOS 19.0.0 GA-Build317



Edited TAGs
[edited by: Erick Jan at 4:37 AM (GMT -8) on 15 Nov 2022]
Parents
  • Hi,

    Please clarify these:

    1- Are you using DNAT or Webserver protection rule for publishing those servers?

    2- Do you have one or multiple Public WAN IP addresses?

    3- Are these server both listen to same default https tcp/443 port?

    If you are using DNAT and both server listen  on default 443 internally, then you have two options:

    1- Use different public IP address for each server and use DNAT to forward tcp 443 requests on each IP address to internal web server like A.B.C.D:443 --> internal-web-server:443 and E.F.G.H:443 -->internal-web-mail:443

    2- Use only one public ip address but with different external ports like A.B.C.D:443 --> internal-web-server:443 and A.B.C.D:444 -->internal-web-mail:443

    Also, You can use Webserver Protection to publish those servers to internet users. In this case, you can use one public ip address to publish both servers with the same external port.

  • 1-im using dnat with MASQ

    2- i have One public IP Address

    3-these server are listing for same port 443

    i used  Webserver Protection but not worked with me

  • i used Webserver protection rule for mail server and when i want to use it for webserver it not worked with me

Reply Children
  • You should be able to use Webserver protection two publish 2 web servers with same WAN public ip address and both on port tcp/443 if inside webserver protection rule, you have used the correct domain name. For example you should have one rule with "webmail.mycompany.com" and another rule with "webserver.mycompany.com". Both FQDNs will resolve the same WAN IP address but requests for each FQDN will only match to related rule.

    Here is an instruction to configure webserver protection rule:

    docs.sophos.com/.../index.html