3CX DLL-Sideloading attack: What you need to know
Hello, We have created a website that is hosted internally and can be accessible. But we want that website to be accessible on the internet without VPN. (I can access it with VPN) I created a DNAT rule to allow any traffic from outside to that server. Is there anything else I need to create ? Thank for your help
This did not help. I created a rule which let me access the website on VPN. I am also able to ping the website from an external network but I can't access it from the browser.
You are most likely just pinging your external IP address which hosts more than a website I am guessing.
If you couldn't access your site after setting up Webserver, then it is either incorrect or you have a routing issue.
You may want to post some screenshots of your setup of Webserver Protection.
XG 19.5 GA 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz 16GB Memory | 500GB SSD HDD | GB Ethernet x5
This Ping is from an external network. I am not on VPN.
After creating the WAF did you disable your DNAT rule and try?
Yes I did.. Just to give you an overview. The website is built by a different vendor on our development server. The domain name is the dev.xxxxx.com but the ip address is the dev server. Now when i try to access the website off network I get redirected to the Sophos User portal. If I am able to ping doesn't that mean I should able to access the website ? My firewall rule is Any->HTTP->WAN Dev server. Thats the traffic coming from outside to inside. I had also created a rule that would allow traffic from inside to outside but that didn't help to work too.
Applying rules to work with WAF and setting up WAF at the same time won't help your cause, they will battle each other for the title, so to speak and I believe the firewall rules > WAF when it comes to the order in the UTM world.
The rule shouldn't be needed if you are using WAF. PING is just an acknowledgment of a packet. It sounds like maybe your Network Definitions are off with this? Did you check those to make sure your definition is correct? Like I said before, you are most likely just pinging your external IP address that probably houses more than a website. From what I can tell your WAF looks okay; I would make sure the definition is pointing to the correct IP and any other rules you have related to your dev server.
EDIT: Do you have more than one external IP and does your dev server 'own' one of them for itself? Or, are you using only one external IP and using A records in DNS for your subdomains?
The DEV server has its own External IP.
Right now in definitions I have the Dev server name pointing to the IP. Should I may be also have another definition to point just the domain name (dev.xxxxxx.com) to the same Dev IP? I am checking the definition and the rules again now.
I didn't see your first thread, so a belated welcome to the UTM Community!
See #2 in Rulz to understand the priorities of how an incoming packet is handled.
Please copy here the relevant lines from the Web Application Firewall log when you try to connect from the outside
Cheers - Bob.
Just check your DNS to make sure your DNS name is directing to the same IP.
Are there any WAF logs to show an attempted connection/refusal when you try to access it?