WAF and OTP - IP based exception

Hi,

I'm using WAF with OTP and site path routing to protect a variety of internal services. So far it's working well.

I have external locations with static IPs that I would like to allow to connect without requiring the OTP step. I.e., enforce OTP except for requests from these IP sources. Is this possible? 

Some of the services use the hostname or URL in their redirects which makes using a differently named second virtual server with no OTP and source filtering tricky.


This thread was automatically locked due to age.
  • Hi, dev, and welcome to the User BB!

    There's no Exception for OTP if selected.  Depending on your situation, you might consider handling the traffic from your external locations with a DNAT.  Refer to #2 in Rulz.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks Bob.

    Your advice did help. In the end, I set up a duplicate virtual web server and WAF configuration on a different interface, then used the Rulz to work out that I could NAT traffic from specific sources to that new interface before it was seen on the public interface by WAF. It's more effort to maintain duplicate configurations but otherwise works like a charm.
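The design described in this thread (a second, OTP-free virtual web server that only the DNAT'd traffic from a few static IPs should ever reach) stands or falls on the source filter being right. The following script is an added example, not code from the thread or from Sophos: it parses access-log lines for the OTP-free virtual server and reports any request whose source address is outside the configured allow-list, which is the check you would run after setting this up or periodically afterwards. The log format (a common combined-log style), the allow-list addresses and the sample lines are all constructed for the example; a real UTM WAF log would need its own regular expression.

```python
"""Verify that an OTP-free virtual web server only received traffic from allowed static sources.

Added example for the thread above; log format, addresses and sample lines are constructed.
"""
import ipaddress
import re

# Constructed allow-list: the external locations' static source addresses (placeholder values).
ALLOWED_SOURCES = ["203.0.113.10/32", "198.51.100.0/29"]

# Constructed sample log lines in combined-log style; the third line is the kind of entry
# that should never appear on the OTP-free server (source outside the allow-list).
SAMPLE_LOG = """\
203.0.113.10 - - [10/May/2023:10:00:01 +0000] "GET /app/ HTTP/1.1" 200 512 "-" "curl/7.88"
198.51.100.3 - - [10/May/2023:10:00:05 +0000] "GET /app/login HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.77 - - [10/May/2023:10:00:09 +0000] "GET /app/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
malformed line without an address
"""

# Assumed combined-log layout: source, identd, user, [timestamp], "request", status, ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def parse_line(line):
    """Return a dict for a well-formed log line, or None for lines that cannot be parsed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m.group("src"))
    except ValueError:
        # Whatever sits in the source field is not an IP address; skip rather than guess.
        return None
    return {"src": src, "ts": m.group("ts"), "req": m.group("req"), "status": int(m.group("status"))}


def build_allowlist(cidrs):
    """Turn CIDR strings into network objects; strict=False tolerates host bits in the prefix."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def is_allowed(src, networks):
    """True if src (string or ip_address) falls inside any allowed network."""
    if isinstance(src, str):
        src = ipaddress.ip_address(src)
    return any(src in n for n in networks)


def find_unexpected_sources(log_text, cidrs):
    """Return every parsed request whose source is outside the allow-list."""
    networks = build_allowlist(cidrs)
    unexpected = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if not is_allowed(rec["src"], networks):
            unexpected.append(rec)
    return unexpected


def summarize(log_text, cidrs):
    """Counts a practitioner would want at a glance: parsed, skipped and unexpected lines."""
    lines = [l for l in log_text.splitlines() if l.strip()]
    parsed = [r for r in (parse_line(l) for l in lines) if r is not None]
    unexpected = find_unexpected_sources(log_text, cidrs)
    return {"total": len(lines), "parsed": len(parsed), "unexpected": len(unexpected)}


if __name__ == "__main__":
    for rec in find_unexpected_sources(SAMPLE_LOG, ALLOWED_SOURCES):
        print(f"UNEXPECTED source {rec['src']} at {rec['ts']}: {rec['req']} -> {rec['status']}")
    print(summarize(SAMPLE_LOG, ALLOWED_SOURCES))
```

Any hit reported by this script means the DNAT rule or the source condition on it is letting traffic reach the OTP-free server from somewhere it should not, and the duplicate configuration is then a bypass of the OTP step rather than a controlled exception.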