Web Protection Rule and Host name

Hi,

Up to version 17.5, there is a mandatory Host Name field in the business rule, and the same field is there in version 18 as well. But it is not mandatory to access the web services using that same hostname only, as it is in v17.5. Here, if you try to access using the IP address, it allows access to the web server.

Accessing Server using the IP address. 

 

Firewall Rule configuration. 

NAT Rule for the same. 

 

Can anyone explain whether this is a bug or a configuration issue, or has Sophos now removed Hostname as a mandatory field?

 

  • Did you create the DNAT Rule? 

    Because basically you will skip the WAF in that case and DNAT the traffic directly to the Server behind XG.

    As far as I know, WAF does not need any kind of NATting.

    __________________________________________________________________________________________________________________

  • Hi,

    Yes, you are correct, as I created a DNAT rule. It is working fine after disabling the DNAT rule.

    But here it is completely mixed, as normal port forwarding requires a DNAT rule, a LAN to WAN rule (user or host rule) requires SNAT, and WAF does not require any NAT rule.

     

    In the second case, in normal port forwarding, a DNAT rule and a firewall policy are required, but the configuration of the firewall policy feels like the firewall is checking the firewall policy before checking the DNAT rule. I am saying this because of the IP subnet or IP required in the "Destination networks" field in the WAN to LAN rule.

    As per the standard process, this must be the local server IP address, which is sitting in the LAN network. But Sophos requires ANY or the original destination IP address. Why is that?

    Thanks,

    Deepak Kumar

    Sophos XG & Central Architect 
