i have an issue in my sophos utm 9.7 configuration first of all i added the local certificate for RDWeb site then i cofigured virtual webserver and real webserver ,when i started to test ,no good news and i tried many things like fullnat in network protection, it worked but i suspected it is bad for security then i undo, till i got to firewall profiles in webserver protection and i found Microsoft RD Web 2008 profile with "reject"mode ,i changed mode to monitor then it worked for a while then it didn't work and still can open the url but applications no
Hi ramy emam,
Thank you for reaching out to the Community!
Could you please provide reverse proxy logs and configuration screenshots?
I would also suggest you check out the following troubleshooting KBA: https://support.sophos.com/support/s/article/KB-000036283?language=en_US
Thanks,
Hala Ramy and welcome to the UTM Community!
Please show the Firewall Profile, Virtual and Real Servers open in Edit.
Cheers - Bob
here are my firewall profile,virtual and realservers as shown
firewall https://drive.google.com/file/d/1Ml2tvQQDfQ3zSTWbC6dRUEqlItal0f3Q/view?usp=sharing
virtual https://drive.google.com/file/d/1zq3bBJgYEfOgtmap0csKvpCcIircay-p/view?usp=sharing
real https://drive.google.com/file/d/11QgJ-yHtrD8l7LzymcTJlk8Qkxag8YzW/view?usp=sharing
OK, that's a good start. "Monitor" mode means that all of the selected checks in the Firewall Profile are applied and the results logged, but the traffic is allowed. "Monitor" is the right way to start. Now, you need to go into the logs to see what checks would result in blocked traffic if "Reject" were selected. If there are some that you want to use, you will need to see if you can modify the relevant settings on your server.
Many things could cause an application to be blocked. You will also want to do #2 in Rulz (last updated 2019-04-17) to confirm that traffic isn't being blocked by the firewall or some aspect of Intrusion Prevention. Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly. Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file, so if you want help with a block by the firewall, show us a line from the log file.
I copied your links into a sandboxed web browser to look at the images. When adding pictures in future posts, insert your images directly into the post instead of uploading to an external site. We can't know if an external site is properly protected. The only malware I've gotten in over 10 years was from an external link to a picture in this forum several years ago. Thanks in advance!