This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Forward internal web requests through the web application firewall of the UTM

Hi,

i want to forward internal web requests through the web application firewall of the UTM.

The background of this scenario is, that windows phones will not work with an self generated certificate of the exchange server. But my customer will not change the certificate of the exchange server.

the UTM has an existing WAF Profile for OWA/Active Sync, ... for the exchange reverse proxy rule with an trusted globalsign certificate. When the windows mobile phones are coming from the outside network they will work fine, but in the internal wifi Network they get errors issued by the self signed certificate of the exchange server.

Does an DNAT rule help me with this issue? (DNAT Rule: traffic from: internal lan going to: owa.company.tld with service: HTTPS change destination to: wan adress of owa.company.tld)

This thread was automatically locked due to age.

0 Scott_Klassen over 9 years ago

Should work by setting the Virtual Webserver to listen on the Internal Interface. Depending on your setup, there may be NAT issues that need to be resolved and may need to skip Web Filtering proxy for the connections as well.

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel
0 Emile Belcourt over 9 years ago

The way you could do this is by a DNS request route that when people try to get to owa.domain.co.uk (or local) it would point to the external IP/interface of the Virtual Webserver. The DNS request route can be made in Network Services > DNS > Request Routing.

This should point all internal requests to the outside of the firewall and then pass through the WAF.
Cancel
Vote Up 0 Vote Down

Cancel
0 jflex over 9 years ago

Checking Pass Host Header allowed me to access my Apache virtual Name based servers

--
SCA/UTM/XG Sophos Platinum Partner
Cancel
Vote Up 0 Vote Down

Cancel