Hello, I would like for SOFS 18 to authenticate users on the device before granting access to a web server using WAF. I found the article below but refers to UTM 9 and I can't adapt to SOFS 18. Can anyone help please? Thanks support.sophos.com…

Hello Community, for one Web-Service we need to pass a WebSocket through the WAF. Is it possible to create a rule for " wss://" Traffic? Thanks, Ben

I've followed KB-000041605 and the Posting from KingChris and changed the entry in the file /usr/apache/conf/httpd.conf After that I've restarted the WAF service. Still there has been no change in the reported Active Cypher Suites on the SSL LABS…

At a Pen Test for one of our websites behind WAF we received the message that the server was using only Default Prime Numbers. How can we change this?

Hey Fam, dows anyone ever worked with Webserver protection and bigbluebutton? I´ve created a new webserver (https) and called everything that comes to bbb.domain.com go to my internal bbb server. So far so good, I can login, I can browse BUT when…

Hey everybody, actually I have a couple of Applications I Host behind the Sophos. When I need the BigBlueButton Server I change my HTTPS access from OWA to BBB. How can I use all of them (NextCloud, OWA, BigBlueButton, Wordpress) at the same time…

I noticed this just recently when a client's servers were down for maintenance. If you set up a WAF rule with a target of an FQDN host, and if this host can't be resolved, the error message contains the name of the internal server, eg: The proxy server…

I am on 18.5 MR2 Build 380. Every time I reboot the firewall, the WAF is not starting. In reversproxy.log these same lines appear every couple of seconds: [Fri Jan 28 16:02:27.194845 2022] [core:warn] [pid 17313:tid 139992993545088] AH00111: Config…

I have a nginx web server, Sophos XG and websites goes through cloudflare. I am trying to configure the WAF so I tried 2 different things with the same result One was to create the certificate as explained here https://community.sophos.com/sophos…

When updating a Cert from year to year. Why does the "Domains" in a waf rule reset to default. This is annoying. If the coverage of the cert is the same it shouldn't reset the field.

Hi, We've a XG230 running SFOS 18.5.2 MR-2-Build380 Under Web Server -> General Settings -> TLS version settings I have three options. TLS v1 or later TLS v1.1 or later TLS v1.2 We have TLS v1.2 selected. I've checked and can confirm…

Hi! I've bought an Alpha SSL wildcard certificate. I've imported it i my XG 125 But when I go to the WAF firewall rules, I don't see it What stem am I missing? I've done it some years ago, but...I can't remember! Thanks!

Hello, I am trying to set up a WAF rule on an XGS. Basically the setup is clear, but I can't get a connection from the WAN to the webserver. I tried to find out by log why it does not work. but I do not get further. I use : SFOS 18.5.1 MR-1-Build326…

If you try to clone a WAF rule in your XG 18.5-MR1. They don't work. I was scratching my head getting a forbidden message after cloning an existing WAF rule. Destroyed it and recreated and it works.

Good morning: I have a Sophos xg230 with the SFOS version 18.5.2 MR-2-Build380. I would like to configure the Waf with the following scenario: 1 public ip address 2 different domains 2 different servers I configure the waf rule with the web1.sophos.com…

Hi, Any one can help my to share the documents / tutorials regarding the WAF configuration in XG. Thanks and regards, KS Ghosh

Hi, does somebody successfully pblished Windows Terminalserver 2019 with Sophos XG? If yes: Any hints how to? I am able to get the rdweb page available from outside. But when starting an app the comes user credentials pop up from internal server…

We have an issue trying to configure additional ISP for publishing the Exchange's OWA to internet. At the moment the publishing is working for the active ISP and is configured as follows. - User Portal configured to use port 443 and to use xg public…

Hi All, I have a web server running behind a WAF rule. I cannot find a way block traffic from outside North America inbound. I used to run these behind a DNAT and I could specify this, but cannot in WAF (unless I am missing something). Thanks in advance…

Hello, I am new to the concept of WAFs. One of the reasons we went with the Sophos is because it has WAF capabilities. When the WAF was originally set up by our cloud provider, basic settings were configured and it was put in "Monitor" mode so we could…

Hi, actually i fail with installing a Remotedesktogateway and the Webserver Protection. Reverseproxy Error when try to login to RDGW. [Sat Dec 11 13:02:04.941531 2021] [proxy_http:error] [pid 3252:tid 139836996437760] (104)Connection reset by peer…

Hi there. When i moved my web server from standard dnat to waf rule all incoming packets in server have scr address = wan interface. Is it possible to set up WAF without changing source addresses of incoming packets? I need to see on the web server…

We are running a WAF on a virtual appliance with SFOS 18.0 installed. In the firewall rules created for WAF forwarding, two Exceptions are set. In the first exception, two Advanced items are checked for "Any IPv4". In the second exception, all security…

Hello, since version 18.0 MR5 it should be possible to share port 443 between User Portal, SSL VPN and WAF. I have configured WAF rules for Exchange Server (TCP 443), which is working fine. SSL VPN is configured to use UDP 443, which is working as well…

Hi. I recently decided to put my Emby server behind Sophos WAF, rather than opening port directly that points to the Emby server docker container. I believe this is safer? I was able to set up http. How do I set up https for this? I noticed playback…