Web Server Protection XGS - LAB Test

Question

Dear All 
 
 Currently I setup new Lab to test Web Server Protection to have better understanding regarding on how to it works. I trying to provide web server protection for public user to access my internal web server . 
 Below is my network topology.

On firewall side, I already define Web Server as below:

And this is firewall Rule under action " Protect with Web Server Protection ". At this point I started to get confused on how to configure it. I already refer to the administrator help under this link " ">doc.sophos.com/.../index.html still didn't get it on these part: 
 1. Hosted Address 
 2. Listening Port 
 3. Domains 
 
 If I want to make the web server public then how to configure these three part ya?. Please Help.

Raphael Alganes · Answer

Hello, 
 On Firewall rules - Selecting "Protect with Web Server Protection" means you use WAF instead of DNAT 
 Hosted Address - This should be the public facing address you want external users to connect to your protected server 
 Listening port - If you WAF should listen to HTTP 80 or HTTPS 443 
 Domain/s - Your domain that should be protected by WAF 
 After these configuration you may follow along with the rest of the doc guide: https://doc.sophos.com/nsg/sophos-firewall/19.5/help/en-us/webhelp/onlinehelp/AdministratorHelp/WebServer/WAFProtectWebServerAgainstAttacks/index.html#define-a-firewall-rule 
 You may also check this Techvid: https://techvids.sophos.com/watch/533ayav36i8AYciDLAuvsu (it's a bit outdated but the concept and configuration still should be of use to conceptualize WAF) 
 Also, if this will be an implementation activity in the future, I may recommend you to reach out to you local Sales Engineer / local Sophos Partner for guidance. On the other hand you could also opt for Professional Services https://www.sophos.com/en-us/support/professional-services where a dedicated implementation/PS engineer would implement your Sophos solutions, please note that PS would be a service with fee if you opt to avail. 
 Hope this helps. Many thanks for your time and patience and thank you for choosing Sophos.