I need help with WAF UTM220 / 9.2
What I am trying to do:
External access Port 8444 to an internal Webserver Port 80
1. I have created a Firewall rule. Internet IPv4 > External Internet Address Port 8444
Firewall Log
Packet filter rule #8 TCP External public IP : 31896 → External Internet Address interface: 8444
Everything seems OK
2. I have created a real Webserver with the internal IP
3. I have created a virtual Webserver
interface = internal
type= http
port= 8444
domain = extern.domain.tv
FW profile = None
Advanced = nothing
The WAF Log shows only this:
2014:06:10-10:34:36 Sophos_1 reverseproxy: [Tue Jun 10 10:34:36.000543 2014] [security2:notice] [pid 20126:tid 4147431104] ModSecurity: APR compiled version="1.4.6"; loaded version="1.4.6"
2014:06:10-10:34:36 Sophos_1 reverseproxy: [Tue Jun 10 10:34:36.000552 2014] [security2:notice] [pid 20126:tid 4147431104] ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"
2014:06:10-10:34:36 Sophos_1 reverseproxy: [Tue Jun 10 10:34:36.000556 2014] [security2:notice] [pid 20126:tid 4147431104] ModSecurity: LIBXML compiled version="2.7.6"
2014:06:10-10:34:36 Sophos_1 reverseproxy: [Tue Jun 10 10:34:36.016350 2014] [core:warn] [pid 20126:tid 4147431104] AH00111: Config variable ${URLHardening_HTTP_Hostname} is not defined
2014:06:10-10:34:37 Sophos_1 reverseproxy: [Tue Jun 10 10:34:37.004189 2014] [mpm_worker:notice] [pid 20138:tid 4147431104] AH00292: Apache/2.4.4 (Unix) OpenSSL/1.0.1g configured -- resuming normal operations
2014:06:10-10:34:37 Sophos_1 reverseproxy: [Tue Jun 10 10:34:37.004850 2014] [core:notice] [pid 20138:tid 4147431104] AH00094: Command line: '/usr/apache/bin/httpd'
2014:06:10-10:49:49 Sophos_1 reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="57" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="708" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
2014:06:10-10:49:49 Sophos_1 reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="57" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="422" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
2014:06:10-11:19:36 Sophos_1 reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="57" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="420" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
2014:06:10-11:20:20 Sophos_1 reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="57" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="392" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
No incoming Traffic on the Webserver
Second try with DNAT.
1. I have created a DNAT Rule:
Traffic from: Internet IPv4
Service: Port 8444
Going to: Internet (External Address Interface)
Change Destination to: Internal Webserver IP
and Service to Port 80
Firewall Log:
NAT rule #4 TCP External Public IP:4246 → Internal Webserver:8444
With this solution I can see the incoming/outgoing traffic on the Webserver
Webserver Logs:
Internal Address: Httpd.exe – Internal Server IP Port 80
Remote Address – The external public IP: Port 4246
No access from external; I do not know what I am doing wrong.
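Added example, not part of the original post: a small Python parser for the reverseproxy log format shown above. It separates Apache/ModSecurity startup notices from access entries and reports whether any request from a non-loopback client reached the WAF. The sample lines are abridged from the log in the post; the function names are hypothetical.

```python
import ipaddress
import re

# "<timestamp> <host> reverseproxy: <message>" as seen in the post's WAF log.
LINE_RE = re.compile(r'^(\S+) (\S+) reverseproxy: (.*)$')
# Access entries are a sequence of key="value" pairs.
PAIR_RE = re.compile(r'(\w[\w-]*)="([^"]*)"')

# Abridged from the WAF log in the post above (some fields dropped for brevity).
SAMPLE_LOG = """\
2014:06:10-10:34:37 Sophos_1 reverseproxy: [Tue Jun 10 10:34:37.004189 2014] [mpm_worker:notice] [pid 20138:tid 4147431104] AH00292: Apache/2.4.4 (Unix) OpenSSL/1.0.1g configured -- resuming normal operations
2014:06:10-10:49:49 Sophos_1 reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="57" host="127.0.0.1" method="GET" statuscode="200" url="/lb-status" server="localhost"
2014:06:10-11:19:36 Sophos_1 reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="57" host="127.0.0.1" method="GET" statuscode="200" url="/lb-status" server="localhost"
"""


def parse_line(line):
    """Return a dict of fields for an access entry, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m or m.group(3).startswith("["):
        return None  # Apache/ModSecurity notice or a line in another format
    fields = dict(PAIR_RE.findall(m.group(3)))
    if "srcip" not in fields:
        return None
    fields["timestamp"] = m.group(1)
    return fields


def is_client_request(entry):
    """True when the entry comes from a non-loopback source address."""
    try:
        return not ipaddress.ip_address(entry["srcip"]).is_loopback
    except ValueError:
        return True  # unparseable source: keep it visible rather than hide it


def summarize(log_text):
    """Count access entries and list those that came from real clients."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    clients = [e for e in entries if is_client_request(e)]
    return {
        "access_entries": len(entries),
        "local_checks": len(entries) - len(clients),
        "client_requests": clients,
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(result["access_entries"], "access entries,",
          len(result["client_requests"]), "from non-loopback clients")
```

An empty `client_requests` list for the window in which the external test was made means the request never reached the reverse proxy, so the place to look is in front of the WAF (listener interface, port, firewall/NAT) rather than at the real webserver.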