This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Server behind WAF

Hi Guys. Supposed you have a server that needs to communicate internally and also be publicly accessible. For this situation you would create two interfaces for the server with one interface in the DMZ and the other in the internal network.

So what if you put the server behind a WAF? Will one interface in the internal network is sufficient and is considered secure since the WAF will be acting as a reverse proxy and would be mapped to the internal interface.

This thread was automatically locked due to age.

Parents

0 BAlfson over 3 years ago

Sorry, Mohamed, I'm not sure that I understand your question or your situation.

Normally, I don't run internal traffic through WAF to a server in a DMZ - I just do as Philipp suggests and have internal traffic pass via a firewall rule and default routing.

If you also want to use WAF for internal traffic,create a duplicate Virtual Server on the Internal interface with an Additional Address. You'll also need Philipp's solution of spit-DNS.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 3 years ago

Sorry, Mohamed, I'm not sure that I understand your question or your situation.

Normally, I don't run internal traffic through WAF to a server in a DMZ - I just do as Philipp suggests and have internal traffic pass via a firewall rule and default routing.

If you also want to use WAF for internal traffic,create a duplicate Virtual Server on the Internal interface with an Additional Address. You'll also need Philipp's solution of spit-DNS.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data