We're running Sophos UTM 9.x in AWS and enabled Proxy Protocol support in the WAF. We've also enabled proxy protocol support in the HAproxy instances sitting in front of the UTM. We can see the source IP addresses in the WAF log but not in the Firewall log. We were expecting the source IP address would also be visible in the Firewall log since we have already enabled proxy protocol support. What steps are we missing? Thank you.
You can try this way-
Navigate to Tools > Options >, then select the Advanced tab. On the Network tab (usually selected by default), click Settings. The Connection Settings dialog box shows whether the browser is configured to connect to a proxy server. Make a note of the proxy settings.
I hope this will help
Sorry, is this in the Sophos GUI or the browser? The issue is with Sophos being able to "see" the source IP address coming in from one of its interfaces if it's sitting behind a proxy server, in this instance an HAProxy server, and then doing actions (e.g. allow, deny) in DNAT or some other mechanism.
I don't see an "(Address)" object anywhere. Check #4 in the Rulz link above.
Cheers - Bob
I modified the group in question and used the Host address and tested, it still doesn't work. When you say "[Address]" object, do you mean Host type? Thanks!
I mean that the DNAT won't work with a regular host object. There is a way to make it work, but that wouldn't fit in with the "culture" here and would reduce your ability to get help. See #4 in the Rulz link in my first post above.
Hi Bob, I apologize for the confusion. I'm relatively new to Sophos UTM and still understanding basic concepts. I've modified the network group with some interface addresses:I tested it and the request still went through.
Unless one of those (Address) objects is the one on the interface with a default gateway and is your connection to the Internet, that won't work.
Yes, one of those interfaces has a default gateway but unfortunately the gateway it's pointing to is not alive.