Hello, I am trying to configure the UTM9 Webserver Protection feature to manage several domain names, routing to specific web servers in the DMZ, through my one and only public IP.
I have 2 DNS entries pointing to the same public IP:
sub1.mydomain.com
sub2.mydomain.com
I have a NAT rule on the router to forward incoming 443 traffic to the UTM9 WAN interface address.
I have 2 webservers in the DMZ (10.129.50.0):
webserver1 on 10.129.50.10
webserver2 on 10.129.50.11
The way it should work: accessing sub1.mydomain.com should redirect traffic to webserver1, accessing sub2.mydomain.com should redirect traffic to webserver2. Well.
I configured each virtual webserver with the correct FQDN (sub1.mydomain.com and sub2.mydomain.com for the other one).
As all 443 traffic is NATed from the router to the UTM9 WAN interface, an incoming request on port 443 from outside should hit the Webserver Protection, which should match the incoming request (sub1.mydomain.com) to the right virtual webserver which has domain sub1.mydomain.com, right?
With this configuration:
https://sub1.mydomain.com -->
https://sub2.mydomain.com --> timeout.
https://sub1.mydomain.com --> 403 Forbidden
10.129.50.10 -->
https://sub2.mydomain.com -->
10.129.50.11 -->
Where are my mistake(s)?
Do I have to set additional NAT rules on UTM9? If so, what is the best practice rule?
Thanks for your help,
Well, here is my progress:
In virtual webservers, I selected Interface External WAN Address and type HTTPS+redirect.
Now from outside :
sub1.mydomain.com -->
sub2.mydomain.com -->
But from the LAN network...:
sub1.mydomain.com --> timeout
sub2.mydomain.com --> timeout
One step forward, one step backward
WAF log says:
2022:09:14-13:12:03 firewall httpd: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="108" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="350" url="/lb-status" server="localhost:4080" port="80" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YyG3Ay_a0LMopbPNsKk31wAAACA"
Is it a loopback problem or something similar? If so, I suppose this is the point to set up NAT rules for LAN users? Any help appreciated...
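A small diagnostic script, added here as an example (it is not part of the thread and not a Sophos tool), that reproduces the checks the poster is doing by hand: it resolves each FQDN the way this client does, opens TLS to the resolved address (or to an address passed explicitly, e.g. the UTM's internal interface when testing from the LAN) with SNI and the Host header set to the FQDN, and classifies the answer as ok, forbidden or timeout. The FQDNs and addresses are the placeholders from the thread; comparing the result via DNS with the result via the UTM's LAN address tells a "DNS resolves to the public IP and the router does not hairpin it" timeout apart from a WAF that is reached but matches no virtual webserver (403).

```python
import socket
import ssl
from dataclasses import dataclass
from typing import Optional

@dataclass
class ProbeResult:
    fqdn: str
    resolved: Optional[str]  # address this client's resolver returned, None on failure
    outcome: str             # "ok", "forbidden", "timeout", "tls-error", "conn-error", "dns-fail", "http-<code>", "garbled"

def classify_status(status_line: str) -> str:
    """Map an HTTP status line to the outcomes seen in the thread."""
    parts = status_line.split()
    if len(parts) < 2 or not parts[1].isdigit():
        return "garbled"
    code = int(parts[1])
    if code == 403:
        return "forbidden"  # WAF was reached, but refused / matched no virtual webserver
    if 200 <= code < 400:
        return "ok"         # 3xx counts as ok: "HTTPS+redirect" answers with a redirect
    return f"http-{code}"

def probe(fqdn: str, target_ip: Optional[str] = None, timeout: float = 5.0) -> ProbeResult:
    """Connect to target_ip (default: what fqdn resolves to here) on 443 with SNI=fqdn,
    send GET / with Host: fqdn, and classify the first response line."""
    try:
        resolved = socket.gethostbyname(fqdn)
    except socket.gaierror:
        return ProbeResult(fqdn, None, "dns-fail")
    ip = target_ip or resolved
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # we are diagnosing routing, not certificate trust
    request = f"GET / HTTP/1.1\r\nHost: {fqdn}\r\nConnection: close\r\n\r\n".encode()
    try:
        with socket.create_connection((ip, 443), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=fqdn) as tls:
                tls.sendall(request)
                first_line = tls.recv(4096).split(b"\r\n", 1)[0].decode(errors="replace")
        return ProbeResult(fqdn, resolved, classify_status(first_line))
    except socket.timeout:
        return ProbeResult(fqdn, resolved, "timeout")
    except ssl.SSLError:
        return ProbeResult(fqdn, resolved, "tls-error")
    except OSError:
        return ProbeResult(fqdn, resolved, "conn-error")

if __name__ == "__main__":
    UTM_LAN_ADDRESS = "192.0.2.1"  # placeholder: the UTM's internal interface, replace with yours
    for name in ("sub1.mydomain.com", "sub2.mydomain.com"):  # placeholders from the thread
        print(probe(name))                   # via DNS: what an outside client sees
        print(probe(name, UTM_LAN_ADDRESS))  # straight at the UTM: what a LAN client should see
```

If the DNS probe times out while the direct probe returns ok, the virtual webservers are fine and the LAN problem is the public IP not being reachable from inside (split DNS or hairpin NAT is the fix); if both return forbidden, no virtual webserver matched the FQDN.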
I have moved your post to the UTM forum, which is the correct forum for this question.
XG115W - v19.5 GA - Home
Test machine - Asus P10S-i E3-1225v5, 6gb, 4 intel NICs, v19.5 GA
If a post solves your question please use the 'Verify Answer' button.
Hi and welcome to the UTM Community!
If your DNS configuration looks like DNS best practice, you have two choices:
Did it work well?
Cheers - Bob
Chose the 1st solution, works perfectly.
Thank you very much Bob!