- Sophos UTM 9.204, externally reachable by domain (dynamic DNS at no-ip.com)
- Internal Webserver 1 (10.20.20.3)
- Internal Webserver 2 (10.20.20.9)
- Internal Webserver 3 (10.20.20.13)
- LAN (192.168.1.0/24)
At no-ip.com I have a domain and several subdomains, which basically all point to the same public IP (CNAME). So by using different subdomains the WAF should route the request to one of the servers. But it does not happen. In fact, the WAF is not even listening on/opening the ports (checked with a normal smartphone (cellular network) and using the port scanner on dnstools.ch). Both HTTP and HTTPS fail.
What works:
- (Sub)Domain is resolvable
- Ping public IP
- Internal DNS is resolvable as well
- Access webserver 1 using both HTTP and HTTPS (self-signed) from the internal network, on ports 80 and 443
- Access webserver 2 using HTTP from the internal network on port 4040
- Access webserver 3 using HTTPS from the internal network on port 443 (self-signed, HTTPS only)
- DNATing the server is working, so my ISP is not blocking any ports.
What does not work:
- Accessing the webservers on ports 80, 443, 4040 from external. The best I got were HTTP 503 errors on port 80. The connection failed completely when using HTTPS.
What I already tried:
- DNATing HTTP(S), although I need to redirect the request based on the requested URL (servers 1 and 3, same port)
- Disabled IPS, Advanced Threat Protection, even Web Filtering (although I'd like to have them enabled when it's working)
- Changed ports in the virtual webserver section of the WAF configuration
- Logs do not have any indication of failure etc. In fact, the only logs in Web Application Firewall are like this:
2014:07:24-13:45:03 FRW01 reverseproxy: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="264" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="228" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
- No external source IP is ever to be found in the log when I try to access from external (does the request even get there...?)
- Trying to access the webserver on HTTPS from external, but changing the internal server to listen on port 80. The WAF then shows a yellow dot under virtual servers (in error)
- Trying to access the webserver only on port 80 (internal and external)
- Different browsers, cleared web cache
- Tried every WAF firewall profile, even without one.
What my configuration looks like:
- No additional FW/NAT rules configured; as documented, the WAF should apply them by itself.
- No server is bound to an interface (all are >) in the host definitions. All have internal static, DNS-resolvable IPs configured (my goal is that I can access the server on www.domain.tld from internal as well as external).
- For the server 1 WAF configuration I included screenshots; the other servers are configured similarly. There is no yellow dot, all are green.
Now the strangest thing:
It worked for a short while. When I configured the virtual/real webservers as shown in the screenshots, it worked. That was 4 days ago. Recently I noticed that it's not working anymore (other DNATed ports still work though). I didn't touch the UTM during these 4 days. There were no logs with external source IPs after a few hours. No sign of a crash (as there are, now and then, new logs with source IP 127.0.0.1). This was with UTM 9.203. I updated to 9.204, but it's still not working.
Maybe I am missing something simple?
Thx in advance; I hope I provided enough info, just ask.
This thread was automatically locked due to age.
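As an added troubleshooting aid (this is example code, not part of the original post and not Sophos UTM code), the script below separates the two things the post conflates: the Host-header lookup that any name-based reverse proxy has to perform to pick a backend, and an external reachability probe that tells "nothing is listening on that port" (TCP connect fails, as seen on HTTPS) apart from "the proxy answers but cannot reach its backend" (the HTTP 503s seen on port 80). The hostnames `*.example.tld`, the routing table and the interpretation of 503 as the proxy's generic "backend unavailable" answer are assumptions; the backend IPs are the ones from the post.

```python
"""Name-based reverse-proxy troubleshooting helper (added example, not Sophos code).

  1. route_by_host(): the Host-header lookup a name-based reverse proxy performs
     to choose a backend (the UTM's "virtual webservers" work the same way).
  2. probe(): an external check that distinguishes "no listener" (TCP connect
     fails) from "proxy up, backend unavailable" (HTTP 503).
Hostnames (*.example.tld) are placeholders; backend IPs are from the post.
"""
import socket
import ssl
from typing import Optional

# Constructed routing table modelled on the post: one public IP, three internal servers.
VHOSTS = {
    "www.example.tld":    ("10.20.20.3", 80),
    "app.example.tld":    ("10.20.20.9", 4040),
    "secure.example.tld": ("10.20.20.13", 443),
}


def normalize_host(host_header: str) -> str:
    """Lowercase and strip an optional :port (and trailing dot) from a Host header."""
    host = host_header.strip().lower().rstrip(".")
    if host.startswith("["):                      # IPv6 literal, e.g. [::1]:8080
        return host.split("]")[0] + "]"
    return host.split(":", 1)[0]


def route_by_host(host_header: str, table=VHOSTS) -> Optional[tuple]:
    """Return (backend_ip, backend_port) for a Host header, or None if no virtual
    webserver matches. With no match, or with an unreachable backend, a reverse
    proxy typically answers 503 instead of forwarding (assumption, not UTM-specific)."""
    return table.get(normalize_host(host_header))


def parse_status(raw: bytes) -> Optional[int]:
    """Extract the status code from the first line of an HTTP/1.x response."""
    first = raw.split(b"\r\n", 1)[0].split(b" ")
    if len(first) < 2 or not first[0].startswith(b"HTTP/"):
        return None
    try:
        return int(first[1])
    except ValueError:
        return None


def classify(connected: bool, status: Optional[int]) -> str:
    """Map a probe result onto the symptoms described in the post."""
    if not connected:
        return "no listener on that port (firewall/DNAT/WAF not bound)"
    if status == 503:
        return "proxy is listening but reports the backend unavailable"
    if status is None:
        return "connected, but no valid HTTP response (wrong protocol or TLS on a plain port?)"
    return f"proxy forwarded the request (HTTP {status})"


def probe(public_host: str, port: int, use_tls: bool, timeout: float = 5.0) -> dict:
    """Connect from outside, send a GET with the given Host header, report what happened.
    Certificate verification is disabled on purpose: the post's backends use self-signed
    certs and this checks reachability, not certificate validity. Use only on hosts you own."""
    result = {"host": public_host, "port": port, "tls": use_tls, "connected": False, "status": None}
    try:
        sock = socket.create_connection((public_host, port), timeout=timeout)
        if use_tls:
            ctx = ssl.create_default_context()
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            sock = ctx.wrap_socket(sock, server_hostname=public_host)   # SNI is still sent
        result["connected"] = True
        sock.sendall(f"GET / HTTP/1.1\r\nHost: {public_host}\r\nConnection: close\r\n\r\n".encode())
        result["status"] = parse_status(sock.recv(4096))
        sock.close()
    except OSError as exc:                         # covers DNS failure, refused, timeout, SSLError
        result["error"] = str(exc)
    result["verdict"] = classify(result["connected"], result["status"])
    return result


if __name__ == "__main__":
    # Run from outside the LAN (e.g. a phone on cellular) against your own public names.
    for name, (ip, _) in VHOSTS.items():
        for port, tls in ((80, False), (443, True), (4040, False)):
            r = probe(name, port, tls)
            print(f"{name}:{port} tls={tls} -> {r['verdict']}  (expected backend {ip})")
```

Run it from outside the LAN with your own hostnames substituted into `VHOSTS`. A "no listener" verdict on 443 next to a 503 on 80 would indicate that the WAF is bound only to the plain-HTTP port and that its real-webserver health check is failing, rather than an ISP or DNS problem; the `/lb-status` requests from 127.0.0.1 in the post's log are consistent with that internal health check running while no external request is ever accepted.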