This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Webserver protection setup problems

I'm attempting to set up Sophos UTM as Webserver protection, right now behind a different firewall, and running into issues.  Looking at Sophos I may just use it as the main firewall in the future, but for now it has to be behind another as reverse proxy.

 

Main firewall - 10.1.1.9

Sophos - one NIC (I think as bridge mode?), 10.1.1.8

Webserver - 10.1.1.16

 

I have the main firewall forwarding port 80 traffic to Sophos.

 

In Sophos I've set up the real and virtual webservers.  I have Pass host header enabled in the virtual web server.  In Network Protection I've set up a firewall rule allowing port 80 traffic from any source to the Internal network.

 

At present I have no NATs set up as some of the documentation I was reading said NATs would effectively bypass the Webserver Protection.

 

On the webserver I've set up Sophos as  Trusted Proxy, mostly so the real IPs will come through.

 

On Sophos I do see web traffic coming into the box, but the websites do not come up. I don't see the web traffic in the access or error logs of the webserver.  I haven't done any network sniffing yet to see if they are getting there.  The live web server protection logs don't show any sort of logging to indicate traffic.

 

Can anyone point me in the right direction, some documentation or how-tos?  I'm stuck.  I appreciate any help.



This thread was automatically locked due to age.
Parents
  • Hi Scott and welcome to the UTM Community!

    Do you see anything in the WAF log that would indicate that it's processing the incoming requests?  Please show pictures of the Edits of the Interface definition, the Virtual Server, Real Server and the Host object in the real server.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Hi Scott and welcome to the UTM Community!

    Do you see anything in the WAF log that would indicate that it's processing the incoming requests?  Please show pictures of the Edits of the Interface definition, the Virtual Server, Real Server and the Host object in the real server.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data