https://community.sophos.com/utm-firewall/f/web-server-security/114536/webserver-protection-setup-problemsI&#39;m attempting to set up Sophos UTM as Webserver protection, right now behind a different firewall, and running into issues. Looking at Sophos I may just use it as the main firewall in the future, but for now it has to be behind another as reverse proxyen-USTelligent Community 12https://community.sophos.com/thread/411784?ContentTypeID=1Mon, 12 Aug 2019 20:34:11 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:84305728-7885-4de8-aba1-720a10908e01BAlfson<p>Hi Scott and welcome to the UTM Community!</p> <p>Do you see anything in the WAF log that would indicate that it&#39;s processing the incoming requests?&nbsp; Please show pictures of the Edits of the Interface definition, the Virtual Server, Real Server and the Host object in the real server.</p> <p>Cheers - Bob</p><div style="clear:both;"></div>https://community.sophos.com/thread/411646?ContentTypeID=1Sun, 11 Aug 2019 18:29:48 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:195dfb0c-bac0-49b2-8055-0edf304d93c2DouglasFoster<p>1) I do not believe that you do not have bridge mode.&nbsp; &nbsp;Bridge mode looks like this:</p> <p>Switch --- UTM --- Firewall</p> <p>Two (or more) physical interfaces are bound together as one logical interface to UTM.&nbsp; &nbsp;Everything going to the firewall has to pass through UTM.</p> <p>From your description, you have this:</p> <p>Switch --- UTM<br />&nbsp; &nbsp;\____________ Firewall</p> <p>In this mode, UTM only sees traffic that targets one of its addresses, so it can only do Standard Mode functions.&nbsp; &nbsp;For more detail on Standard and Transparent mode functions, see this post:</p> <p><a href="/products/unified-threat-management/f/general-discussion/100848/how-to-understand-utm-port-usage">https://community.sophos.com/products/unified-threat-management/f/general-discussion/100848/how-to-understand-utm-port-usage</a></p> <p>2) Basic process that I use for configuring a webserver:</p> <p>On UTM</p> <ul> <li>Configure the real webserver and test it internally</li> <li>Get an SSL Certificate for the website so you can use HTTPS, which provides proof of server identity as well as encryption.</li> <li>Configure an Additional Network Address on UTM.&nbsp; &nbsp;(Using the primary address will create conflicts with the user portal.)&nbsp; &nbsp;Since UTM is behind your firewall, this will be an internal address.</li> <li>Create the virtual webserver and assign it to the chosen IP address and the (recommended) SSL certificate.</li> <li>Enable the webserver.&nbsp; &nbsp;If it can connect to the real webserver, the status indicator will go green.&nbsp; &nbsp;(May need to navigate away and come back to see the correct status light.)</li> </ul> <p>On a test machine with an internal IP address</p> <ul> <li>Create a HOSTS file entry to force your test traffic to target the UTM virtual webserver address instead of the real webserver address.</li> <li>Enable a firewall profile with all protections enabled but in monitor mode.</li> <li>Do all of your tests&nbsp;</li> <li>Review the logs and disable tests that are throwing false positives.</li> <li>Decide whether to deploy to the internet in Monitor Mode or Reject Mode</li> </ul> <p>On the firewall</p> <ul> <li>Create a NAT rule from the chosen Internet address to the UTM virtual webserver address.</li> <li>Test again from an external PC.</li> <li>Enable Reject mode&nbsp;</li> </ul><div style="clear:both;"></div>