Hello.
We had an old ISA Server from Microsoft to publish our servers and have now replaced it with a Sophos UTM. I'm not really a firewall professional, so I thought maybe there is someone in this forum who can take a look at my configuration and give me some advice if I did something wrong. Thanks in advance.
In the DMZ we have a server for our websites.
Definitions
In Interfaces & Routing I have an interface DMZ, and in Definitions & Users there are the three definitions DMZ (Address), DMZ (Broadcast) and DMZ (Network).
Web Application Firewall
In Real Webservers there is my webserver with port 80, and in Virtual Webservers there is my webserver with all the corresponding domains and the Firewall Profile Basic Protection.
Intrusion Prevention
I'm not sure if that is correct, but I added DMZ (Network) to the Local networks so that Intrusion Prevention works for my webserver.
NAT
I don't know if NAT is required when you publish a webserver through the Web Application Firewall, but it didn't work before I enabled it. So I made a masquerading rule from DMZ to one of the external interfaces and one from DMZ to the Internal interface.
Firewall
I enabled two firewall rules. One is from the internal network to the webserver with the services for administering the webserver: PuTTY over SSH, and a defined port for the installed Webmin. The second rule is from the webserver to Internet IPv4 with the services DNS, NTP, HTTP, HTTPS, ping and SMTP, so the webserver can get its updates from its repositories and can send mails from its web forms.
I hope I didn't do anything wrong and we're safe. But I would feel more comfortable if one of you could confirm this. Thanks.
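As an added example (not the poster's configuration and not Sophos UTM code), here is a small first-match model of the two packet-filter rules described in the post, plus a test matrix of flows the policy is meant to allow or drop. The addresses, the Webmin port (10000) and the treatment of "Internet IPv4" as "any address outside the two local networks" are assumptions; the WAF reverse-proxy path for inbound port 80/443 is terminated on the UTM and is not part of this model.

```python
"""Added example (not the poster's configuration): a first-match model of the two
packet-filter rules described in the post, plus a test matrix of flows that the
policy should allow or drop. Addresses, the Webmin port and the "Internet IPv4"
approximation are assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addressing; the post gives no real addresses.
INTERNAL = ip_network("192.168.1.0/24")
DMZ = ip_network("192.168.100.0/24")
WEBSERVER = ip_network("192.168.100.10/32")
ANY = ip_network("0.0.0.0/0")
LOCAL_NETS = (INTERNAL, DMZ)
WEBMIN_PORT = 10000  # assumption: the post only says "a defined port"


@dataclass(frozen=True)
class Service:
    proto: str                  # "tcp", "udp" or "icmp"
    port: Optional[int] = None  # None for icmp


@dataclass(frozen=True)
class Rule:
    name: str
    src: object      # IPv4Network
    dst: object      # IPv4Network; ANY stands for the UTM's "Internet IPv4"
    services: frozenset
    action: str      # "allow" or "drop"


SERVICES = {
    "ssh": Service("tcp", 22), "webmin": Service("tcp", WEBMIN_PORT),
    "dns_udp": Service("udp", 53), "dns_tcp": Service("tcp", 53),
    "ntp": Service("udp", 123), "http": Service("tcp", 80),
    "https": Service("tcp", 443), "ping": Service("icmp"),
    "smtp": Service("tcp", 25),
}


def svc(*names: str) -> frozenset:
    return frozenset(SERVICES[n] for n in names)


# Order matters: first match wins, anything unmatched is dropped.
RULES = [
    # Rule 1 of the post: LAN admins reach the webserver over SSH and Webmin.
    Rule("admin-to-web", INTERNAL, WEBSERVER, svc("ssh", "webmin"), "allow"),
    # Rule 2 of the post: webserver egress for updates and form mail.
    Rule("web-egress", WEBSERVER, ANY,
         svc("dns_udp", "dns_tcp", "ntp", "http", "https", "ping", "smtp"), "allow"),
]


def is_internet(addr) -> bool:
    """Approximation of "Internet IPv4": any address outside the local networks."""
    return not any(addr in net for net in LOCAL_NETS)


def evaluate(src: str, dst: str, proto: str, port: Optional[int] = None):
    """Return (action, rule_name) for one flow; first match wins, default drop."""
    s, d, flow = ip_address(src), ip_address(dst), Service(proto, port)
    for rule in RULES:
        if s not in rule.src:
            continue
        dst_ok = is_internet(d) if rule.dst == ANY else d in rule.dst
        if not dst_ok or flow not in rule.services:
            continue
        return rule.action, rule.name
    return "drop", "default"


# Flows the policy must allow (admin access, egress) and must drop (no admin
# ports from the internet, no pivot from the DMZ into the LAN, no other egress).
# 203.0.113.0/24 is documentation address space standing in for "the internet".
EXPECTED = [
    ("192.168.1.20", "192.168.100.10", "tcp", 22, "allow"),
    ("192.168.1.20", "192.168.100.10", "tcp", WEBMIN_PORT, "allow"),
    ("192.168.100.10", "203.0.113.1", "udp", 53, "allow"),
    ("192.168.100.10", "203.0.113.25", "tcp", 25, "allow"),
    ("192.168.100.10", "203.0.113.1", "icmp", None, "allow"),
    ("203.0.113.50", "192.168.100.10", "tcp", 22, "drop"),
    ("203.0.113.50", "192.168.100.10", "tcp", WEBMIN_PORT, "drop"),
    ("192.168.100.10", "192.168.1.20", "tcp", 445, "drop"),
    ("192.168.100.10", "192.168.1.20", "tcp", 22, "drop"),
    ("192.168.100.10", "203.0.113.1", "tcp", 3389, "drop"),
]


def check_policy() -> list:
    """Return the flows whose result differs from what the policy intends."""
    failures = []
    for src, dst, proto, port, want in EXPECTED:
        got, rule = evaluate(src, dst, proto, port)
        if got != want:
            failures.append((src, dst, proto, port, want, got, rule))
    return failures


if __name__ == "__main__":
    bad = check_policy()
    print("policy OK" if not bad else f"{len(bad)} unexpected result(s): {bad}")
```

The value of the matrix is in the negative cases: SSH and Webmin must not be reachable from the internet, the webserver must not be able to open connections into the internal network even on the ports it is allowed to use towards the internet, and egress on anything but the listed services must fall through to the default drop. Whenever a rule is added or reordered on the real firewall, running the same flows against it (for example with a port scan from outside and from the DMZ host) is the quickest way to confirm the intent still holds.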