• Reverse authentication

    Mark Fisher1
    Mark Fisher1
    Hello, I would like for SOFS 18 to authenticate users on the device before granting access to a web server using WAF. I found the article below but refers to UTM 9 and I can't adapt to SOFS 18. Can anyone help please? Thanks support.sophos.com…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Pass a WebSocket connection through WAF

    Ben@Network
    Ben@Network
    Hello Community, for one Web-Service we need to pass a WebSocket through the WAF. Is it possible to create a rule for " wss://" Traffic? Thanks, Ben
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall: WAF cipher suites - How-To activate change

    AlexanderPoettinger
    AlexanderPoettinger
    I've followed KB-000041605 and the Posting from KingChris and changed the entry in the file /usr/apache/conf/httpd.conf After that I've restarted the WAF service. Still there has been no change in the reported Active Cypher Suites on the SSL LABS…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • WAF: TLS/SSL Server uses only Default Prime Numbers

    AlexanderPoettinger
    AlexanderPoettinger
    At a Pen Test for one of our websites behind WAF we received the message that the server was using only Default Prime Numbers. How can we change this?
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • BigBlueButton Sophos XG 18

    Dennis Braun
    Dennis Braun
    Hey Fam, dows anyone ever worked with Webserver protection and bigbluebutton? I´ve created a new webserver (https) and called everything that comes to bbb.domain.com go to my internal bbb server. So far so good, I can login, I can browse BUT when…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Multiple Webserver (NextCloud, OWA, BigBlueButton, Wordpress)

    Dennis Braun
    Dennis Braun
    Hey everybody, actually I have a couple of Applications I Host behind the Sophos. When I need the BigBlueButton Server I change my HTTPS access from OWA to BBB. How can I use all of them (NextCloud, OWA, BigBlueButton, Wordpress) at the same time…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • WAF information leakage

    jamesharper
    jamesharper
    I noticed this just recently when a client's servers were down for maintenance. If you set up a WAF rule with a target of an FQDN host, and if this host can't be resolved, the error message contains the name of the internal server, eg: The proxy server…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • WAF not starting after reboot due to config error

    EdmundSackbauer
    EdmundSackbauer
    I am on 18.5 MR2 Build 380. Every time I reboot the firewall, the WAF is not starting. In reversproxy.log these same lines appear every couple of seconds: [Fri Jan 28 16:02:27.194845 2022] [core:warn] [pid 17313:tid 139992993545088] AH00111: Config…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • WAF and SSL offloading

    l0rdraiden
    l0rdraiden
    I have a nginx web server, Sophos XG and websites goes through cloudflare. I am trying to configure the WAF so I tried 2 different things with the same result One was to create the certificate as explained here https://community.sophos.com/sophos…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Updating Cert for the same Cert Domain should not reset the "domains field."

    Robert Hau
    Robert Hau
    When updating a Cert from year to year. Why does the "Domains" in a waf rule reset to default. This is annoying. If the coverage of the cert is the same it shouldn't reset the field.
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XG230 WAF support for TLS 1.3?

    Steve Scotter
    Steve Scotter
    Hi, We've a XG230 running SFOS 18.5.2 MR-2-Build380 Under Web Server -> General Settings -> TLS version settings I have three options. TLS v1 or later TLS v1.1 or later TLS v1.2 We have TLS v1.2 selected. I've checked and can confirm…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Alpha SSL wildcard problem

    Andrea_e
    Andrea_e
    Hi! I've bought an Alpha SSL wildcard certificate. I've imported it i my XG 125 But when I go to the WAF firewall rules, I don't see it What stem am I missing? I've done it some years ago, but...I can't remember! Thanks!
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • WAF XGS: Not working

    ekme_
    ekme_
    Hello, I am trying to set up a WAF rule on an XGS. Basically the setup is clear, but I can't get a connection from the WAN to the webserver. I tried to find out by log why it does not work. but I do not get further. I use : SFOS 18.5.1 MR-1-Build326…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Unable to Clone a WAF rule in XG 18.5-MR2

    Robert Hau
    Robert Hau
    If you try to clone a WAF rule in your XG 18.5-MR1. They don't work. I was scratching my head getting a forbidden message after cloning an existing WAF rule. Destroyed it and recreated and it works.
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Waf config Help

    Nfo99
    Nfo99
    Good morning: I have a Sophos xg230 with the SFOS version 18.5.2 MR-2-Build380. I would like to configure the Waf with the following scenario: 1 public ip address 2 different domains 2 different servers I configure the waf rule with the web1.sophos.com…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • WAF configuration in XG

    Kripasindhu Ghosh
    Kripasindhu Ghosh
    Hi, Any one can help my to share the documents / tutorials regarding the WAF configuration in XG. Thanks and regards, KS Ghosh
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Somebody successfully pblished Windows Terminalserver 2019 with Sophos XG

    GernotMeyer
    GernotMeyer
    Hi, does somebody successfully pblished Windows Terminalserver 2019 with Sophos XG? If yes: Any hints how to? I am able to get the rdweb page available from outside. But when starting an app the comes user credentials pop up from internal server…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Publishing OWA on different ISP at the same time

    StefanoColombo
    StefanoColombo
    We have an issue trying to configure additional ISP for publishing the Exchange's OWA to internet. At the moment the publishing is working for the active ISP and is configured as follows. - User Portal configured to use port 443 and to use xg public…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • WAF Rule configuration to only allow access from North America

    Stuart Hamilton1
    Stuart Hamilton1
    Hi All, I have a web server running behind a WAF rule. I cannot find a way block traffic from outside North America inbound. I used to run these behind a DNAT and I could specify this, but cannot in WAF (unless I am missing something). Thanks in advance…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • WAF - Monitor vs Reject

    djb-sophos
    djb-sophos
    Hello, I am new to the concept of WAFs. One of the reasons we went with the Sophos is because it has WAF capabilities. When the WAF was originally set up by our cloud provider, basic settings were configured and it was put in "Monitor" mode so we could…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • WAF and Remotedesktopgateway 2019 SFOS 18

    n33dfull
    n33dfull
    Hi, actually i fail with installing a Remotedesktogateway and the Webserver Protection. Reverseproxy Error when try to login to RDGW. [Sat Dec 11 13:02:04.941531 2021] [proxy_http:error] [pid 3252:tid 139836996437760] (104)Connection reset by peer…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Question about moving server from DNAT to WAF and source address of incoming packets.

    Marcin Mart
    Marcin Mart
    Hi there. When i moved my web server from standard dnat to waf rule all incoming packets in server have scr address = wan interface. Is it possible to set up WAF without changing source addresses of incoming packets? I need to see on the web server…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • In WAF forwarding rules, IP addresses set as exceptions are blocked.

    bonnie
    bonnie
    We are running a WAF on a virtual appliance with SFOS 18.0 installed. In the firewall rules created for WAF forwarding, two Exceptions are set. In the first exception, two Advanced items are checked for "Any IPv4". In the second exception, all security…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Sharing port 443 between WAF and User Portal not working

    Dreamcatcher
    Dreamcatcher
    Hello, since version 18.0 MR5 it should be possible to share port 443 between User Portal, SSL VPN and WAF. I have configured WAF rules for Exchange Server (TCP 443), which is working fine. SSL VPN is configured to use UDP 443, which is working as well…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Emby/ Plex (container) server on WAF HTTPS

    jang430
    jang430
    Hi. I recently decided to put my Emby server behind Sophos WAF, rather than opening port directly that points to the Emby server docker container. I believe this is safer? I was able to set up http. How do I set up https for this? I noticed playback…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • View related content throughout Sophos Firewall
  • More
  • Cancel
<>