

What is going on with WAF on XG?

EDIT: Problem solved. You can't in any way limit the source to a specific country without problems on SophosXG - my problem was NAT: if you set up NAT, then such a source will be excluded from any malware scanning, logging, etc. We must wait until the Sophos team improves security in that matter.

Hello.

I've got a simple scenario where I'm hosting the Synology Drive app for HOME purposes - it's hidden behind the WAF of SophosXG. Weird things happen.

1. AV is turned on, but test malware files are passing through.

2. No logs from my own country, from which I'm trying to access (Poland).

The screenshots below show how I have set up the WAF and NAT policy, and as soon as I create a NAT rule for external access there are no logs anymore...

[Screenshots: NAT rule; WAF rule (continued); protection server policy, parts 1/2 and 2/2]


This thread was automatically locked due to age.
  • It is actually quite simple: 

    WAF is a service. NAT will always hit before a service. 

    So if you configure a NAT rule, it will bypass the WAF as a service.

    So if you only want to offer a WAF as a service for a particular country, you need to Blackhole via NAT all countries you do not want to have. So simply create a rule with all countries (groups) and do not include Germany/Poland. 

    This principle (NAT before Service) is most likely a standard. 

    __________________________________________________________________________________________________________________

  • Maybe it is a misunderstanding on your side: you do not need NAT to „make WAF work“. 

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner


  • Yep, it was my misunderstanding. I just suggested from a different NGF. :) 

    __________SETUP___________

    HP Small Form Factor:  i5 4Cores, 8Gb of RAM.
    Intel Network Card 5x Eth
    SSD: 256Gb

  • Not quite. On some other vendors it's done much easier? Or at least you can limit a specific country without NAT policies.
