https://community.sophos.com/utm-firewall/f/web-server-security/115908/waf-snatBeen a while so apologies.... If you have a webserver behind WAF, does the webserver reply on the address the WAF is using? eg. webserver sits on a subnet that is maquarading to PUBLIC IP X, WAF is using PUBLIC IP Y for https In the above exampleen-USTelligent Community 12https://community.sophos.com/thread/417753?ContentTypeID=1Wed, 16 Oct 2019 16:23:07 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:54289107-c4f1-4494-870d-ccc992623c20Jaydeep<p>Yes, since the incoming request would be on the port and URL specified withing WAF configuration on UTM and also on Webserver, any incoming web request will be replied from the same IP. For example, if your website is hosted on X address and you&#39;ve configured it on UTM and on WAF to forward it to your Webserver, it will be replying using that same X address.</p> <p>For all other traffic going out of your Webserver to the Internet, since the destination port will be different and services as well, it will go ahead using MASQ or SNAT rule (if any) specified in your UTM.</p><div style="clear:both;"></div>