
Passing URL behind firewall. Web Proxy.

Hi Guys!

I have UTM 9.410-6.

Behind the UTM I run an application which only responds to FQDN and no IP address. If accessed by IP the following message is displayed: "The client is not authorized to request an authorization. It's required to access the system using FQDN.".

Is there a way to Proxy the URL onto this server when I browse the server externally via NAT via the Sophos?

I already have the correct URL configured on my public DNS.



This thread was automatically locked due to age.
  • I wouldn't run DNAT for this. WAF (web application firewall) is ideal for this situation and is what you should use. It will harden the URL to exactly what you want as well as giving you further protections.

  • Hi Louis, how do you do this?

  • WAF is a UTM feature that requires eventually an additional subscription. It is called Webserver Protection in the Web Interface.

    But I cannot see why your setup shouldn't work correctly. If you set up a subdomain virt01 with an A record pointing to the UTM's public address in your public DNS zone of example.com you should be able to connect to the internal server with a charm. Did you eventually only configure a 'redirect' in the public DNS zone?

    Other thing which I rather believe is that the webserver virt01 only listens for an internal FQDN like virt01.mydom.local for the web interface and that point should be adjusted to the external FQDN you want the clients to be able to connect to.

    You can always configure a split brain DNS Config for internal clients to use a public FQDN to reach an internal IP, but you can't do that for an internal FQDN that is accessed from external.

    With WAF it should be possible when the UTM handles the external FQDN and tunnels the connection to the internal FQDN.

    Gruß / Regards,

    Kevin
    Sophos CE/CA (XG+UTM), Gold Partner

    Hi

    1. Public DNS resolution works using an A record of ovirt.example.com pointing to the public IP of the Sophos, which then does NAT to the ovirt server IP.

    2. Internal DNS works on FQDN as well. Split DNS is set up. The ovirt server responds to ovirt.example.com regardless of whether it is queried internally or externally.

    3. I believe that when Sophos does NAT-ing it plays only with IP addresses, hence the failure.

    I believe I have a WAF subscription. Will try this and let you know.

    Do I need valid certificates to use WAF?
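Added example, not written by any poster in this thread: a small loopback test of the behaviour under discussion. It assumes the application enforces its FQDN rule by checking the HTTP `Host` header (the thread does not confirm how the check is implemented); DNAT rewrites only IP addresses and ports, so the header arrives as the client sent it. The handler, the function name `probe_host`, and the 403 status are constructed for illustration.

```python
import http.client
import socketserver
import threading
from http.server import BaseHTTPRequestHandler

ALLOWED_HOST = "ovirt.example.com"  # external FQDN named in the thread


class FqdnOnlyHandler(BaseHTTPRequestHandler):
    """Stand-in backend (assumption): accepts a request only if Host is the FQDN."""

    def do_GET(self):
        # Strip an optional :port and compare case-insensitively.
        host = (self.headers.get("Host") or "").rsplit(":", 1)[0].lower()
        ok = host == ALLOWED_HOST
        body = b"ok" if ok else b"It's required to access the system using FQDN."
        self.send_response(200 if ok else 403)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def probe_host(host_header):
    """Connect to the same backend IP every time; vary only the Host header."""
    server = socketserver.TCPServer(("127.0.0.1", 0), FqdnOnlyHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        conn = http.client.HTTPConnection(*server.server_address, timeout=5)
        conn.putrequest("GET", "/", skip_host=True)  # we set Host ourselves
        conn.putheader("Host", host_header)
        conn.endheaders()
        status = conn.getresponse().status
        conn.close()
        return status
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    # Constructed sample values: FQDN, a documentation-range IP, an internal name.
    for name in ("ovirt.example.com", "203.0.113.10", "virt01.mydom.local"):
        print(f"Host: {name:22} -> HTTP {probe_host(name)}")
```

Against a real deployment, the equivalent check is to compare what the client puts in the address bar with the `Host` value the backend logs; a reverse proxy such as the WAF mentioned above is the component that can pin or rewrite that header.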
