I'm having an issue enabling WAF for my website, which has its default gateway pointing to the Astaro's IP.
Astaro is running as a bridge.
I've enabled the WAF but I don't get any requests.
All I did was create a Real Server with my web server IP, then create a virtual server with my domain, using the real server. Then the last step was enabling WAF. Am I missing something?
I'm confused about your network configuration. If the Astaro is running in bridge mode, why do you have the Astaro indicated as a default gateway for your webserver?
Cheers - Bob
Sophos UTM Community Moderator Sophos Certified Architect - UTM Sophos Certified Engineer - XG Gold Solution Partner since 2005
Have you tried a DNAT in the router in front of the Astaro? One of the Astaro folks commented that the WAF can't capture the traffic "transparently" - that the traffic must have the Astaro as the destination.
Cheers - Bob
I don't even have access to what is in front of the Astaro, but it is for sure transparent, because it is in the IDC. I have one public address per server. Everything else works fine, that's just the WAF...
that the WAF can't capture the traffic "transparently" - that the traffic must have the Astaro as the destination.
In your situation, I interpret this as meaning that, if www.domain.com -> 189.34.x.201, then 189.34.x.201 should be an address on your Astaro's bridged interface and the web server should have a different IP.
Cheers - Bob
When I'm working with WAF and run into an issue, I normally start with the features in the Firewall Profile off, then enable them one by one, testing as I go. If I find one that's causing me problems, I keep it disabled. It's the amazingly high skilled Trial and Error method. ;P
In your case, just disable any enabled features one by one until you find the one causing the issue. Changes on the Web Server side aren't necessary. There was one time though that I was making changes in WAF and connections stopped working until I restarted the Web Server process on the machine hosting the actual site. I can't recall which feature/setting I changed when that happened though.
__________________ ACE v8/SCA v9.3
...still have a v5 install disk in a box somewhere.