Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

webserver || waf || dmz zone

Hi,

we have added a web server behind the WAF in DMZ zone.

LAN/WAN- we can access the web server through a public IP address.

we have a backup server in the LAN zone. How to do backup Lan to Dmz zone using public IP or private IP of server of the webserver



This thread was automatically locked due to age.
Parents
  • Hello,

    Thanks for reaching out. 

    Could you show your network diagram/setup and kindly confirm the expected output for this query? 

    Also, could you show the FW/WAF rules you're currently using for the setup?

    Thank you

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • Hi,

    pls, find the network diagram.

    webserver in DMZ zone we are applying the WAF policy in the firewall.

    now, the web server we are accessing from outside/lan/vpn through FQDN( FQDN points to the public IP of waf)

    backup server in the LAN zone we will do a backup of the webserver how to do backup.

    Thanks 

    SATYA

  • Hello,

    Thank you for providing the diagram,

    I may recommend here is that you configure the server to have redundancy instead of configuring a backup on LAN.

    Always a good practice to separate your public-facing servers on your local network, so if any potential compromise happens in DMZ it lessens the surface to that zone.

    But configuration-wise, I think a WAF rule below your original rule for the DMZ server would achieve what you expect (but even if this pushed through I believe it would not be a best security practice) 

    Further, I may also recommend you reach out to your local Sophos Sales Engineer or Partner should you need to discuss further but I do hope my insights help you on your setup.

    Hope you have a nice day and thank you for choosing Sophos. 

    Regards,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

Reply
  • Hello,

    Thank you for providing the diagram,

    I may recommend here is that you configure the server to have redundancy instead of configuring a backup on LAN.

    Always a good practice to separate your public-facing servers on your local network, so if any potential compromise happens in DMZ it lessens the surface to that zone.

    But configuration-wise, I think a WAF rule below your original rule for the DMZ server would achieve what you expect (but even if this pushed through I believe it would not be a best security practice) 

    Further, I may also recommend you reach out to your local Sophos Sales Engineer or Partner should you need to discuss further but I do hope my insights help you on your setup.

    Hope you have a nice day and thank you for choosing Sophos. 

    Regards,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

Children
No Data