
I cannot connect (internally) to the company's website published on the Internet

Internally, I cannot access the address https://webmail.mydomain.com, or any other site that was published by Sophos UTM 9. What rule must I release to be able to access the publications made by Sophos through my internal network?


Tnx,

Carlos Lima.



  • I've not had it happen on the UTM as I normally place our external domains on the internal DNS so they resolve internally as above.

    I know pfSense and other firewalls didn't like you going external to come back in, and they classed it as some sort of DNS rebinding attack. You had to specifically remove some of the protection on top of the firewall rules to get it to do this, which it didn't advise.

    We do go out to come back in on our network but purely for testing purposes and we go out of a different gateway to come back in on the target address. We don't use the same gateway to come back in on itself.

    Going out to come back in isn't strictly efficient and probably not the best way to do things.

  • Emile,

    I tried to access the private IP on port 443 from outside my internal network, and I can access it (success). But when I try from my internal network, using the PRIVATE IP on port 443, I also cannot access it. The problem is not DNS (name resolution).


    I use the default access rules (Internal Network-> Web Surfing-> ANY). Should I create some other rule for access?

    Tnx guys...

  • I understand, Louis: you apply the best name resolution practices. Very good!!!! I will use this approach also. But you understand, what is happening is not DNS in my case....

  • No, it won't be DNS but more to do with the firewall & NATting. If your external IP is e.g. 123.123.123.123, you would end up coming back on yourself and I don't think the UTM would like that.

  • Carlos,

    Louis M makes a good point: "If your external IP is e.g. 123.123.123.123, you would end up coming back on yourself and I don't think the UTM would like that."

    This is correct, and in these cases we use the DNS loopback, which is done using a Full NAT, mapping both the source and destination. However, judging from the nslookup, it's resolving internally, and unless we are on a different subnet the packets may not even be flowing through the firewall.
    When accessing this are you on the same subnet as the web server? Also, was this working previously and we just put the Sophos in place, or is it a new web server?
  • True!!! I created records in my internal DNS for the external domain, pointing to the internal server, and it worked.

    Thank you so much guys.

    It's working now!!!!
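
An added illustration (not from any poster and not Sophos code) of the Full NAT point made in the replies above: a toy trace of one request and its reply for a client and web server on the same subnet, comparing destination-only NAT, Full NAT (source and destination both mapped), and an internal DNS record that points straight at the server. All addresses, the NAT mode names and the `connect` function are constructed for this example.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")            # constructed internal subnet
CLIENT, SERVER = "192.168.1.50", "192.168.1.20"         # constructed hosts
FW_INTERNAL, PUBLIC_IP = "192.168.1.1", "203.0.113.10"  # constructed firewall addresses

def same_subnet(a, b):
    return ipaddress.ip_address(a) in LAN and ipaddress.ip_address(b) in LAN

def connect(dst, nat_mode):
    """Trace one request/reply from CLIENT; return (reply_accepted, hops)."""
    hops, src = [], CLIENT
    expected_peer = dst  # the client only accepts a reply from the address it dialled
    if dst == PUBLIC_IP:
        # Public address is off-LAN, so the client sends it to its gateway.
        hops.append(f"{src} -> {dst} via firewall")
        if nat_mode == "none":
            return False, hops           # nothing maps the public address inward
        dst = SERVER                     # DNAT: destination becomes the real server
        if nat_mode == "full":
            src = FW_INTERNAL            # SNAT: source becomes the firewall itself
        hops.append(f"firewall forwards {src} -> {dst}")
    else:
        hops.append(f"{src} -> {dst} direct on LAN (firewall not involved)")
    # The server answers whatever source address it saw.
    reply_src, reply_dst = dst, src
    if reply_dst == FW_INTERNAL:
        # Reply goes back through the firewall, which reverses both mappings.
        hops.append(f"{reply_src} -> {reply_dst}, un-NATed to {PUBLIC_IP} -> {CLIENT}")
        reply_src = PUBLIC_IP
    elif same_subnet(reply_src, reply_dst):
        hops.append(f"{reply_src} -> {reply_dst} direct on LAN, bypassing firewall")
    return reply_src == expected_peer, hops

if __name__ == "__main__":
    cases = [("DNAT only, public IP", PUBLIC_IP, "dnat"),
             ("Full NAT, public IP", PUBLIC_IP, "full"),
             ("Internal DNS record -> server IP", SERVER, "dnat")]
    for label, dst, mode in cases:
        ok, hops = connect(dst, mode)
        print(f"{label}: {'OK' if ok else 'FAILS'}")
        for h in hops:
            print("   ", h)
```

With destination-only NAT the server's reply reaches the client directly from the server's private address, which does not match the connection the client opened to the public address, so the client discards it.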