Firewall and WAF - what comes first?

Hello,

This is a follow-up to this post:

High CPU usage since 2:20 this night - General Discussion - UTM Firewall - Sophos Community

With some other questions. This is why the other post doesn't fit, but if reference is needed...

The question is:

What comes first? Firewall or WAF?

According to my tests, firewall can't block what WAF is allowing through, is that correct?

If so, is there a way I can selectively allow what is allowed on the WAF, like which IP or domain?

The problem I have is that the firewall is being bombarded with millions of packets daily from various sources (agents), and I have found no way to allow them on the WAF without bringing the whole firewall to a crawl.

So my thinking is like, "block all, but allow x.x.x.x IP", hoping that one customer or IP won't overload the firewall, and I'll be able to update or uninstall agents.

Thank you.



  • 1. Correct, you can't block or allow WAF traffic from firewall rules.

    2. There are some options for restricting inbound traffic.

    - I love country-blocking with exceptions to WAF and mail

    - within WAF you can configure an access list ... at site-path-routing ... I think


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Hallo, Kosta - I like Dirk's suggestions.  You will want to be aware of #2 in Rulz (last updated 2021-02-16) for similar questions in the future.  You should also be aware of Doug Foster's excellent guide: Securing Web Application Firewall (WAF).

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA