domain based natting in sophos xg firewall

Question

Hello, I only have one public IP address, but I have several domains, such as ui.mw.com, uat.mw.com, and demo.mw.com Similarly, I currently use port forwarding to visit various domains, such as uat.mw.com:7443 and demo.mw.com:6443. It's doing well, however because my routing is based on domains rather than ports, I must run all of my web servers in the 443 port. Using the Sophos XG Firewall, how do I route domain-based natting?

Edited TAGs
[edited by: Erick Jan at 9:33 AM (GMT -7) on 5 Sep 2023]

kerobra · Accepted Answer

That is no NATing at all, you will need to use the Web server protection feature to achieve that. That feature runs on port 80 or 443 and will forward the request based on the entered FQDN to the servers at the backend. 
 In the firewall rule you have to select "Protect with web server protection" to get into the assistant that helps you configuring it. Some webservers will need a bit more configuration if something isn't working. 
 Web server protection needs an own subscription. The only other thing you could do is position a reverse proxy like nginx on one server where 443 is NATed to and that then decides, which internal server will be contacted using the different FQDNs.

domain based natting in sophos xg firewall

Top Replies