Many of us are using Cloudflare or similar services to protected their Extranet / Webmail and other public websites using the Sophos WAF. It's possible to display the real IP addresses on any Linux servers behind the firewall by enabling Pass host header…

As with our current Sophos XGS Firewall Rules and Policies configurations, the Citrix Netscaler 2FA authentication is working. We started planning of using the Sophos XG Firewall Web Server Protection. The license required were purchased and registered…

Hi everyone, I am trying to find out if I can use the WAF rules to stop certain HTTP methods for connections to one of our web servers. I would like to try to only allow GET and POST and deny any of the others such as "DEBUG", "CONNECT", "PUT", "UPDATE…

Gday Needed to forward 25 ports to a webserver using WAF. I can't for the life of me work out how to enter in more than one port to either. Surely I don't need to create 25 webserver and 25 WAF rules? Anyone done this before?

Using Web Server Protection, I want a web server to only be reachable from some IP lists or IP host groups. How can I achieve this? In Access permission , Allowed client networks , it seems that I can only choose individual IP hosts of networks. Am…

Hi there, we have an internal URL (like server1/.../access.php This link is designed to be accessed directly from the Internet and we would like to make it available to the public. But as this link is quite complicated and as it might reveal details…

Hello, We use the Web Server Protection of Sophos XG Firewall and have now reached almost 60 WAF rules. This is also the maximum number of WAF rules. Is it possible to combine several URLs in one WAF rule and route them to different servers? WAF rule…

Hi all, When AV or other protection features are enabled, we keep running into various problems while uploading large files. Sometimes the disk space (Temp=100%) seems to be the cause, sometimes other internal buffers. We have the requirement to allow…

Hi all, I use a XGS 2300 with actual path level. We migrated fresh from UTM. In UTM we redirected in WAF to have mail.server.com redirected to mail.server.com/owa (Exchange Outlook Web Access). I only find old articles describing, that this is…

Hello Is it possible to use a group of IP addresses in a WAF rule exception? Adding many IP hosts one by one is very cumbersome.

Hello There. Are there any information when SOPHOS will improve WAF option on its iwn devices? Why we dont have such basic option to limit source traffic from WAN only for specific country? So far we can only do IPs..

Hello everyone, Is it possible to create custom WAF configurations without It being overwritten every time you edit or create a new WAF Policy ? I need to add both "AllowEncodedSlashes NoDecode", and "nocanon" at a certain WAF Policy. Thanks!