Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.
i am about to go from NAT to the WAF of our UTM (9.7) to distribute our Exchange (2013).
For that i went with the Tutorials from frankysweb.de which helped me a lot.
But i have still some questions about the filter rules in the firewall profiles which has to be skipped.
Since these rules are just some numbers i would like to clarifiy what i skip when i choose to set these numbers to the skipping list or what is mandatory to skip for an Exchange 2013 Server to work properly.
I would suggest going through this recommended read post: Sophos UTM: Securing Web Application Firewall (WAF) and this KBA Sophos UTM: How to bypass individual WAF rules.
For your configuration, please read https://community.sophos.com/products/unified-threat-management/f/web-server-security/50352/waf-on-v9-3-for-exchange-2013-on-single-server-ip-fqdn-certificate and Sophos UTM: Web Application Firewall for Exchange 2016
thank you for these links but they aren't very helpful.
I've found some guides and how-tos which all are showing different filter rules to skip but there is practically no info what exactly will be skipped when implementing a specific rule.
What, for instance, means to skip filter rule 960015? or 981203?
These filter rules are mod security rules. And relevant details can be obtained from the recommended read I mentioned in my earlier post. If you want some of the most common modes, please take SSH access of the UTM as root and enter this command: cat /etc/modsecurity/waf_reporting.ph This will print out some 271 rules. Others can be searched on OWASP website or their documents page.