Hello Sophos Community,
We are migrating from a UTM 9 unit to a new Sophos Firewall unit and I've setup a WAF rule for two internal web servers. When setting up the firewall rule, I chose the Action dropdown option of "Protect with web server protection". I have added both "real" web servers and copied the configuration from what we have setup in the UTM 9 unit. (ie. listening port, Redirect HTTP, Pass host header, etc., etc.)... everything was copied to be the same as we have setup in the UTM 9 system.
I'll use the domain www.example.com as the sample domain name here; from my LAN (internal network) computer, this domain name resolves to the same public IP address as defined in DNS on the WAN side (ie. "nslookup" from both external WAN clients and my internal LAN client return the same public IP address). I am able to access the virtual host WAF domain name from a WAN (external) client without any problems; the web page loads and it would appear that the WAF is working correctly. However, when I try accessing the domain from a LAN client I get a "403 Forbidden" response in the browser. Looking at the Sophos Firewall Logs page for "Web server protection", I'm seeing the firewall is returning valid 200 responses for requests from an external Source IP/name request, but returning 403 responses for requests from our internal LAN subnets.
Below is a screenshot of the "Web server protection" logs; the red circled responses are the 403 Forbidden responses I'm getting from my internal LAN computer. Why would the WAF be returning 403 for internal client requests? I can't figure out what I've done wrong with the configuration in the new Sophos Firewall unit.
Thanks in advance for any help!
Added TAGs
[edited by: Erick Jan at 7:55 AM (GMT -7) on 25 Apr 2024]
