
How to view website published on DMZ via Webserver on our internal network

Hi everyone.  I have a webserver on a DMZ (on UTM) that is published to the internet on an external IP via webserver protection.  My users are unable to see this site when browsing from the internal network via the UTM web proxy.  Do I need some sort of access or NAT rule for my users to see this?



  • Why only the External IP, Shaun - are you wanting to have their accesses go through Web Server Protection, or ???

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Yes Bob - exactly that.  I don't want this particular webserver ANYWHERE near my internal network.

  • Good morning, Shaun,

    I should have read your other posts above more closely as it's obvious you wanted to use Web Server Security.

    You can just have internal DNS resolve to an Additional Address on the Internal interface and then create a new Virtual Server for that IP using the same Real Server.  Does that work for you?

    Cheers - Bob

     
  • Hi Bob,

    Sorry Bob, I don't quite follow.

    What I really want is my users on the internal network to access the website on its external IP address.  I don't want them to be able to access the DMZ it's on in any way, and I don't want the webserver to be able to access the internal network.  Can you explain your solution further?

    Kind regards - Shaun

  • Shaun, accesses to the external IP are captured by Webserver Protection because of the definition of the Virtual Server that "listens" on that IP.  To have internal accesses go through Webserver Protection, simply add another Virtual Server definition with an additional address on the Internal interface.  You also need internal DNS to resolve the FQDN to that additional address.  Voila - no direct access locally to that server.

    Cheers - Bob

     
  • Hi Bob,

    So you're effectively publishing it twice?  Once on the External, once on the Internal?

    Kind regards,


    Shaun

  • Exactly!

    Cheers - Bob

     