Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 2 subscribers
  • Views 20746 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM (Web Application Firewall) VMware View

ipp-barrett
I have a Sophos UTM v9.308-16 and I am trying to setup VMware Horizon View 6 behind the Web Application Firewall. HTTPS and HTML Blast (8443) work fine behind the WAF but I cannot get PCoIP (TCP/UDP 4172) to work. I have tried specifying HTTPS, Blast and PCoIP in WAF and I have tried specifying HTTPS and Blast in WAF and PCoIP in in the firewall. When I try to authenticate with the View client it hangs on "Authenticating" then fails with "connect lost" error. When I specify HTTPS, Blast and PCoIP in the firewall, everything works. So I am looking for some assistance in identifying what I am overlooking as it looks like it maybe something timing out on the UTM. I using the WAF because I only have one IP address and this setup works for other applications like Exchange OWA and ownCloud. Any ideas?


This thread was automatically locked due to age.
Parents
  • 0
    I was using the View security server which acts as a reverse proxy itself. Removing that from the equation and making the below adjustments I was able to get View to work behind the UTM's firewall and WAF. This may not be best practice for a production environment but great for a lab environment with only one external IP.

    Virtual Webservers

    View_Ext_HTTP
    Interface: External (WAN)(Address)
    Type: Plaintext (HTTP)
    Domains: view.domain.com
    Real Webservers: View_Ext_HTTP
    Firewall Profile: View

    View_Ext_HTTPS
    Interface: External (WAN)(Address)
    Type: Encrypted (HTTPS)
    Domains: view.domain.com
    Real Webservers: View_Ext_HTTPS
    Firewall Profile: View


    Real Webservers

    View_Ext_HTTP
    Type: Plaintext (HTTP)
    Host: ViewTC1
    Port: 80

    View_Ext_HTTPS
    Type: Encrypted (HTTPS)
    Host: ViewTC1
    Port: 443


    Firewall Profiles

    Name: View
    Mode: Reject
    Options:
    Antivirus: Single Scan Mode, Uploads only direction
    Block unscannable content
    Block clients with bad reputation

    Firewall/NAT rules

    Group: View Ports
    Ports: TCP/UDP 4172


    Horizon View Configuration

    Connection servers:
    ViewDC1 (internal)
    PCoIP External URL: Internal IP of connection server

    ViewTC1 (external)
    PCoIP External URL: External IP View environment
  • 0 in reply to ipp-barrett

    Hi, 

    can you post the exact configuration? i have exactly the same problem but cant get it to work :(

Reply Children
No Data
Unfiltered HTML