Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 5 replies
  • Subscribers 40 subscribers
  • Views 2524 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Order of domains in WAF rules

Martijn Bouman

XGS Firewall, WAF rules has 10 listed domains.

What is the sort order based on for these domains?

Whenever we delete one from say position 5, add a few new ones, then add the number 5 one again (we have saved and reopened the rule multiple times) it goes back to position 5. Why is this? Why isn't it alphabetic? Shouldn't it be added at the back, if we add it last?



This thread was automatically locked due to age.
Parents
  • 0

    Hello Martijn,

    you mean the list of domains within a WAF rule..?

    This is the list of domains the rule should respond to.

    The order of the domains doesn't matter at all.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0 in reply to dirkkotte

    Yes, i know that, but it is rather annoying that its not alphabetical but apparently its "time" based. As in, whichever name got added first will always stay on top, no matter if you delete it, add 5 other domains and then later add it again, it will again be on top.

    So when we have to scroll trough it to find one in particular, its annoying.

    I know its a minor issue, but we are having other problems right now which has a lot of impact on what is the TOP domain listed in a WAF rule, as the WAF rule seems to default to the top listed domain when something goes wrong, thus changing the requested url from one domain to another one.

    Case: 07051005 (sophos.com)

  • 0 in reply to Martijn Bouman

    Hi Martijin,

    Thank you for reaching out to Sophos Community.

    Upon checking your case update. The Case handler is requesting a schedule for a remote session.

    For the Plan of Action. kindly see below.

    • Please take the pcap screenshot for the working and nonworking scenarios to confirm the WAF rule.
    • Har file when for working and non-working scenarios.
    • Need to collect working and non-working WAF PCAP and WAF debug logs.
    • Need to check if it’s working with the DNAT rule or not.

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

Reply
  • 0 in reply to Martijn Bouman

    Hi Martijin,

    Thank you for reaching out to Sophos Community.

    Upon checking your case update. The Case handler is requesting a schedule for a remote session.

    For the Plan of Action. kindly see below.

    • Please take the pcap screenshot for the working and nonworking scenarios to confirm the WAF rule.
    • Har file when for working and non-working scenarios.
    • Need to collect working and non-working WAF PCAP and WAF debug logs.
    • Need to check if it’s working with the DNAT rule or not.

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

Children
No Data
Unfiltered HTML