Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall

Discussions webserver || waf || dmz zone

Sophos Firewall requires membership for participation - click to join

Thread Info

State Suggested Answer
Replies 3 replies
Answers 1 answer
Subscribers 39 subscribers
Views 682 views
Users 0 members are here

Options

Suggested

webserver || waf || dmz zone

SatyabrataB 12 days ago

Hi,

we have added a web server behind the WAF in DMZ zone.

LAN/WAN- we can access the web server through a public IP address.

we have a backup server in the LAN zone. How to do backup Lan to Dmz zone using public IP or private IP of server of the webserver

Added TAGs
[edited by: Erick Jan at 10:28 AM (GMT -7) on 4 Sep 2024]

Top Replies

Raphael Alganes 7 days ago in reply to SatyabrataB +1 suggested

Hello, Thank you for providing the diagram, I may recommend here is that you configure the server to have redundancy instead of configuring a backup on LAN. Always a good practice to separate your…

Parents

0 Raphael Alganes 8 days ago

Hello,

Thanks for reaching out.

Could you show your network diagram/setup and kindly confirm the expected output for this query?

Also, could you show the FW/WAF rules you're currently using for the setup?

Thank you

Raphael Alganes
Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 SatyabrataB 7 days ago in reply to Raphael Alganes

Hi,

pls, find the network diagram.

webserver in DMZ zone we are applying the WAF policy in the firewall.

now, the web server we are accessing from outside/lan/vpn through FQDN( FQDN points to the public IP of waf)

backup server in the LAN zone we will do a backup of the webserver how to do backup.

Thanks

SATYA
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 SatyabrataB 7 days ago in reply to Raphael Alganes

Hi,

pls, find the network diagram.

webserver in DMZ zone we are applying the WAF policy in the firewall.

now, the web server we are accessing from outside/lan/vpn through FQDN( FQDN points to the public IP of waf)

backup server in the LAN zone we will do a backup of the webserver how to do backup.

Thanks

SATYA
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Raphael Alganes 7 days ago in reply to SatyabrataB

Hello,

Thank you for providing the diagram,

I may recommend here is that you configure the server to have redundancy instead of configuring a backup on LAN.

Always a good practice to separate your public-facing servers on your local network, so if any potential compromise happens in DMZ it lessens the surface to that zone.

But configuration-wise, I think a WAF rule below your original rule for the DMZ server would achieve what you expect (but even if this pushed through I believe it would not be a best security practice)

Further, I may also recommend you reach out to your local Sophos Sales Engineer or Partner should you need to discuss further but I do hope my insights help you on your setup.

Hope you have a nice day and thank you for choosing Sophos.

Regards,

Raphael Alganes
Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Reject Answer

Cancel