Hello experts
Hello experts
Hello!
What error you're getting while connecting to Vaultwarden proxied through the Firewall?
Is It a 403 error? 404?
Is DNS working as expected? (Is the domain resolving, at the client, to the same IPv4 address as the "Port1.150" of the Firewall?)
Can you send a screenshot of the Log Viewer at the "Web server protection" section?
I assume it is irrelevant for the setup whether the protected server is a container or something else.
Indeed, It's irrelevant for this issue.
Also, it's "better" to use the standard HTTPS port with WAF (TCP/443). (For sanity reasons.)
Thanks!
If a post solves your question use the 'Verify Answer' button.
Ryzen 5600U + I226-V (KVM) v21 GA @ Home
Sophos ZTNA (KVM) @ Home
Thank you Prism,
I only saw your response now because I did not receive any notification.
I have not managed to display the HTTP error code (neither in Safari nor in Chrome). In Chrome I get ERR_CONNECTION_CLOSED, and the internet says it is 444. In Safari, on the other hand, the description is rather that a secure connection could not be established.
My MacBook client can resolve the address and domain, but in XG under Diagnostics -> Name lookup I cannot resolve the IP address. I was told that is not an issue, as the reverse proxy just forwards what is received. I created the relevant DNS entry in XG under Network -> DNS and I was surprised that XG itself does not seem to check that. Besides the locally maintained DNS entries, I have only set DNS 1 to my DSL router.
When I open the log and try to access the domain, no log entries show up.
regards
When I open the log and try to access the domain, no log entries show up.
This really looks like a DNS issue.
Just to be sure WAF is running as expected, can you access "https://firewallip:1443" and check if It shows a "403 Forbidden." error?
From your images It should be "10.10.150.1:1443".
Also check if something appears on the Log Viewer after this, if it does then It's DNS.
EDIT: I've used the Sophos Firewall WAF with Vaultwarden for ~8 months (hosted on a docker container.) Back then it worked as expected. (Including the WebSockets notifications.)
If a post solves your question use the 'Verify Answer' button.
Ryzen 5600U + I226-V (KVM) v21 GA @ Home
Sophos ZTNA (KVM) @ Home
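The two checks Prism suggests above (does the name resolve to the firewall's port IP at the client, and does the WAF port answer with a 403 or close the connection without a response) can be scripted from the client side. The following is an added example, not code from the thread or from Sophos; the host name, expected IP and port are placeholders, and it assumes `curl` and `getent` are available on the client (a Linux or macOS shell). The `interpret` function maps curl's exit code and HTTP status onto the cases discussed in the thread: a 403 means the WAF is reachable but no site/policy matched, while a closed connection without any HTTP response (what browsers show as ERR_CONNECTION_CLOSED) means the request never reached a WAF policy at all.

```shell
#!/bin/sh
# Constructed client-side diagnostic for a WAF-published site.
# Usage: ./waf_check.sh vault.example.test 10.10.150.1 1443
#   (host name, expected firewall port IP and WAF listening port are placeholders)

# resolve_v4 NAME -> prints the first IPv4 address NAME resolves to (empty if none)
resolve_v4() {
  getent ahostsv4 "$1" 2>/dev/null | awk '{print $1; exit}'
}

# interpret CURL_EXIT HTTP_CODE -> prints a one-word diagnosis
# curl exit codes used: 6 DNS failure, 7 connect refused/unreachable,
# 28 timeout, 35 TLS handshake failure, 52/56 connection closed without a reply
interpret() {
  curl_exit=$1
  http_code=$2
  case "$curl_exit" in
    0)
      case "$http_code" in
        403)   echo "waf-reachable-no-matching-policy" ;;  # WAF answered, Host header matched no policy
        2*|3*) echo "waf-forwarding-to-backend" ;;
        *)     echo "waf-reachable-http-$http_code" ;;
      esac ;;
    6)     echo "dns-resolution-failed" ;;
    7)     echo "connection-refused-nothing-listening" ;;
    28)    echo "timeout-filtered-or-routed-elsewhere" ;;
    35)    echo "tls-handshake-failed" ;;
    52|56) echo "connection-closed-without-response" ;;  # browser shows ERR_CONNECTION_CLOSED
    *)     echo "curl-error-$curl_exit" ;;
  esac
}

# check_waf HOST PORT EXPECTED_IP -> prints the DNS result and the WAF port diagnosis
check_waf() {
  host=$1
  port=$2
  expected_ip=$3

  resolved=$(resolve_v4 "$host")
  if [ "$resolved" = "$expected_ip" ]; then
    echo "DNS ok: $host -> $resolved"
  else
    echo "DNS mismatch: $host resolves to '$resolved', expected $expected_ip"
  fi

  # -k: the WAF presents its own certificate; only reachability matters here.
  # %{http_code} prints 000 when no HTTP response was received.
  code=$(curl -sk -o /dev/null -w '%{http_code}' --max-time 10 "https://$host:$port/")
  rc=$?
  echo "Port $port: $(interpret "$rc" "$code")"
}

if [ $# -ge 3 ]; then
  check_waf "$1" "$2" "$3"
fi
```

If the port check reports a closed connection or a timeout while the name resolves correctly, look for a NAT or firewall rule on the same TCP port before touching the WAF policy itself, since nothing will appear in the Web server protection log until the request actually reaches the WAF.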
Hi Prism
I now maintained XG as DNS server and also defined a DNS request route to the XG.
I also moved the reverse proxy to the same VLAN in which my client is (Port 1.110).
When using the firewall:1443 (now 10.10.110.1:1443) I still get HTTP 444 and no logs are written.
As I understand, this error code does not send anything back in order to prevent attacks.
Do I somehow need to initially switch on the reverse proxy functionality?
Why have you stopped using this setup?
Do I somehow need to initially switch on the reverse proxy functionality?
Can you check at the Web Admin, on the "System services" then "Services" if the "WAF" service is running? If not then start It.
Also, do you have any NAT Rule in place which could be using the same TCP port? NAT Rules take priority over WAF Policies.
If there are no logs available then the client didn't reach the WAF at all.
Why have you stopped using this setup?
The WAF available with the Firewall doesn't have the "necessary" capabilities for me to use It as a reverse proxy, such as HTTP header modifications (adding or removing), TLS 1.3, or HTTP/2.
But the actual reason why I stopped using It is the performance of my XG 115w. Adding, removing or even modifying a single WAF Policy takes minutes.
If a post solves your question use the 'Verify Answer' button.
Ryzen 5600U + I226-V (KVM) v21 GA @ Home
Sophos ZTNA (KVM) @ Home