
Serving webservers using WAF upon UTM9


I am trying to configure UTM9 Webserver Protection feature to manage several domain names, routing to specific web servers in DMZ, through my one and only public IP.

I have 2 DNS entries pointing to the same public IP:

I have a NAT rule on the router to forward incoming 443 traffic to the UTM9 WAN interface address.
I have 2 webservers in DMZ (
webserver1 on
webserver2 on

The way it should work: accessing should redirect traffic to webserver1, accessing should redirect traffic to webserver2. Well.

I configured each virtual webserver with the correct FQDN ( and for the other one)
As all 443 traffic is NATed from router to UTM9 WAN interface, an incoming request on port 443 from outside should hit the Webserver Protection, which should match the incoming request ( to the right virtual webserver which has domain
right ?

With this configuration:

  • From outside: --> 👍 --> timeout.

  • From wired LAN network: --> 403 Forbidden --> 👍 --> 👍> 👍

😓 Where is my mistake(s)?

Do I have to set additional NAT rules on UTM9? If so, what is the best practice rule?

Thanks for your help,

Well, here is my progress:

In virtual webservers, I selected Interface External WAN Address and type HTTPS+redirect

Now from outside: --> 👍 --> 👍

But from LAN network...: --> timeout --> timeout

One step forward, one step backward 😒

WAF log says :

2022:09:14-13:12:03 firewall httpd: id="0299" srcip="" localip="" size="108" user="-" host="" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="350" url="/lb-status" server="localhost:4080" port="80" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YyG3Ay_a0LMopbPNsKk31wAAACA"

Is it a loopback problem or something similar? If so, I suppose here is the point to set up NAT rules for LAN users? Any help appreciated...
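
Added example, not part of the original post: a small Python parser for the `key="value"` WAF log format quoted above. It lists which source IP, requested host and status code actually reached the reverse proxy, so a 403 (request seen and refused) can be told apart from a timeout (no entry at all). The hostnames and IP addresses in the sample are constructed, and treating `/lb-status` requests to a `localhost` server as the proxy's own status check rather than client traffic is an assumption.

```python
import re
from collections import Counter

# key="value" pairs as they appear in the WAF log line quoted in the post
FIELD_RE = re.compile(r'([\w-]+)="([^"]*)"')

def parse_waf_line(line):
    """Return the fields of one reverse-proxy log line as a dict, or None."""
    head, sep, rest = line.partition(" httpd: ")
    if not sep:
        return None  # not a reverse-proxy (httpd) entry
    fields = dict(FIELD_RE.findall(rest))
    fields["timestamp"] = head.split(" ", 1)[0]
    return fields

def client_requests(lines):
    """Parsed entries that look like real client traffic."""
    out = []
    for line in lines:
        f = parse_waf_line(line)
        if f is None:
            continue
        # Assumption: /lb-status against a localhost server is the proxy's
        # own status check, so it says nothing about LAN or WAN clients.
        if f.get("url") == "/lb-status" and f.get("server", "").startswith("localhost"):
            continue
        out.append(f)
    return out

def summarize(lines):
    """Count client requests per (srcip, host, statuscode)."""
    return Counter(
        (f.get("srcip", "-"), f.get("host", "-"), f.get("statuscode", "-"))
        for f in client_requests(lines)
    )

# Constructed sample lines, modelled on the field layout of the line in the post.
SAMPLE = [
    '2022:09:14-13:12:03 firewall httpd: id="0299" srcip="" localip="" size="108" host="" method="GET" statuscode="200" url="/lb-status" server="localhost:4080" port="80"',
    '2022:09:14-13:12:10 firewall httpd: id="0299" srcip="198.51.100.7" localip="203.0.113.10" size="512" host="site1.example.com" method="GET" statuscode="200" url="/" server="site1.example.com" port="443"',
    '2022:09:14-13:12:15 firewall httpd: id="0299" srcip="192.168.1.20" localip="203.0.113.10" size="199" host="site1.example.com" method="GET" statuscode="403" url="/" server="site1.example.com" port="443"',
    '2022:09:14-13:12:16 firewall sshd: unrelated line',
]

if __name__ == "__main__":
    for (srcip, host, status), n in sorted(summarize(SAMPLE).items()):
        print(f"{srcip:15} {host:20} {status} x{n}")
```

If a LAN client times out and no entry with its source IP shows up in this summary, the request never reached the WAF, which points at routing or NAT in front of it rather than at the virtual webserver configuration.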
