Hi all, When AV or other protection features are enabled, we keep running into various problems while uploading large files. Sometimes the disk space (Temp=100%) seems to be the cause, sometimes other internal buffers. We have the requirement to allow…

Hi, I have a WAF rule configured for path-specific routing, however, the routes I am specifying are all to the same target web server, but with different restrictions. e.g. / - restricted to specific IP ranges, target sevrer1 /myapp/ - not restricted…

XGS Firewall, WAF rules has 10 listed domains. What is the sort order based on for these domains? Whenever we delete one from say position 5, add a few new ones, then add the number 5 one again (we have saved and reopened the rule multiple times)…

I found some old posts (>2y ago) about the XG WAF module not supporting MFA authentication for a webservice. Has this changed since? We want to use MFA before using on-prem Exchange OWA. Many internal users already have an Sophos MFA token and it…

Situation. We have a WAF rule with several test sites in the domains list. Example below. test1.testurl.com test2.testurl.com test3.testurl.com test4.testurl.com These all point to one IIS. On the IIS these are all separate sites. When we…

Hallo Community, Ich prüfe aktuelle das Setting mit einer XGS ( SFOS 19.5.3 MR-3-Build652) und dem Windows 2022 RDS. Die Rollen RDS Web und Gateway laufen auf einem dedizierten Server, der RDS Session Host und RDS Lizenz Server sind ebenfalls ein jeweils…

Hi. I am facing an issue with the Web Application Firewall. I have several WAF rules configured, some using SSL and other are not. They point to a central web server. The domain name is used to differentiate each web app and that is forwarded on to…

Hi all, SFOS 19.5 Just got a problem with WAF and RDG 2019, i can't log to my server and i have this error: /rpc/rpcproxy.dll WAF Anomaly Inbound Anomaly Score Exceeded (Total Score: 13) Hope i will find…

Moin, ich muss mich zum ersten Mal mit der Webserver Protection auseinandersetzen. Dabei habe ich das Problem, dass ich beim Anlegen einer neuer Firewall Regel, das Zertifikat nicht auswählen kann. Was habe ich bisher gemacht? 1. Das Zertifikat…

After upgrade - all WAF with authentication form with template shows 404. Opening and saving Protection Policy - does not solve the issue. Recreation of Authentication Policy - does not solve the issue. Reimporting form template - does not solve…

Hallo zusammen, leider komme ich mit dem Sophos Support hier nicht oder nur schleppend weiter. Folgende Situatiion: Wir haben eine XGS3100 beim Kunden am Main Office in Betrieb genommen. Daran angebunden sind diverse Standorte hinter einem Site2Site…

I want to set up a WAF on the firewall, but a domain needs to be set in the WAF rules. My server does not have a corresponding domain, how should I set it? I checked the official website manual, but I don't quite understand the statement in the manual…

Hi y'all, I am struggling with the following scenario: Webserver protection works fine for several sites. Now I would like to protect an internal web service that should be available via https (yes, http S ) on port 8080 (I know...). Webserver Protection…

Hallo zusammen, ich wollte mich mal mit den WAF Möglichkeiten beschäftigen. Grad das Path-Specifig Routing ist für mich interessant. Ich habe jetzt 2 VM´s in der DMZ, jeweils mit Apache2 auf Port 80 (alles Testhalber). Ich habe jetzt wie im Screenshot…

Hi, I'm having trouble with the WAF, XGS 2300 v19.5.1 I add the webserver web .xxx.xxx - it has policy ID 129 . But if I go to web .xxx.xxx in the log it shows that web.xxx.xxx has policy ID 43 . I get a 503 error But the policy ID 43 is spsluzba.xxx…

Hello, I have a question regarding if this a bug, feature or just misconfiguration of our part: I've successfully managed to configure the RD gateway and RD web access in the Sophos XG with WAF rule. I took the RDG 2012 profile provided by the XG and…

Hi all, I use a XGS 2300 with actual path level. We migrated fresh from UTM. In UTM we redirected in WAF to have mail.server.com redirected to mail.server.com/owa (Exchange Outlook Web Access). I only find old articles describing, that this is…

Hallo zusammen, wir wollen unsere Webserver mit Fail2ban umstellen, sodass diese über WAF erreichbar sind. Da dann im Log des Webservers die Interne IP der Firewall auftaucht, wird leider diese von Fail2ban gebannt. Man kann zwar die IP X-Forwarded…

Dear All Currently I setup new Lab to test Web Server Protection to have better understanding regarding on how to it works. I trying to provide web server protection for public user to access my internal web server . Below is my network topology…

Hi all Am I correct in assuming that URL redirection as it was possible in UTM can no longer be implemented with XG 19.x? We would like to forward Visitors of our Homepage (which is a webserver behind a webserver protection / WAF rule) from ourdomain…

Hello everyone, I have a question regarding the usage of the command 'set http_proxy add_via_header off' in the CLI. We currently have a website and multiple host services, and we are considering disabling HTTP header information disclosure by request…

Hello everybody, I'm currently trying to establish the WAF setup for the current confirguration: Two sites are connected via IP Tunnel and everything is properly working with the static routes set-up. Now we have the need to setup Webserver Protection…

Hi, I configured the WAF on XGS87 (SFOS 19.5.2 MR-2-Build624), created the protection\authetication policies and applied them on the Firewall Rule. However, when I point the IP address of the published application, the login prompt to enter the username…

When making any changes to a WAF rule, form based authentications will stop working and throw an error 404. When editing the affected authentication policy and saving the settings, which reloads WAF, the problem is gone. This can be reproduced on two…

Hi All, I am trying to have the following setup on my XG unit. sub1.mydomain.com -> internalwebserver1 sub2.mydomain.com -> internalwebserver2 I have created 2 WAF rules on my XG unit, both of them have the FQDN of the public website in the domains…