
WAF not working, Exclamation mark next to real server sometimes

I am having problems getting the WAF to work and stay working. Version 9.401-11.

Neither the https nor http site works.

Live Log:

2016:04:21-23:20:08 astaro1-1 reverseproxy: [Thu Apr 21 23:20:08.590380 2016] [core:warn] [pid 1763:tid 4147332800] AH00111: Config variable ${URLHardening_HTTP_Hostname} is not defined
2016:04:21-23:20:08 astaro1-1 reverseproxy: [Thu Apr 21 23:20:08.590466 2016] [core:warn] [pid 1763:tid 4147332800] AH00111: Config variable ${URLHardening_HTTP_Hostname} is not defined
2016:04:21-23:20:08 astaro1-1 reverseproxy: [Thu Apr 21 23:20:08.594872 2016] [core:warn] [pid 1763:tid 4147332800] AH00111: Config variable ${URLHardening_HTTP_Hostname} is not defined
2016:04:21-23:20:08 astaro1-1 reverseproxy: [Thu Apr 21 23:20:08.594952 2016] [core:warn] [pid 1763:tid 4147332800] AH00111: Config variable ${URLHardening_HTTP_Hostname} is not defined
2016:04:21-23:20:08 astaro1-1 reverseproxy: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroInterPlain] does not exist
2016:04:21-23:20:08 astaro1-1 reverseproxy: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroInterna443] does not exist
2016:04:21-23:20:09 astaro1-1 reverseproxy: [Thu Apr 21 23:20:09.000937 2016] [mpm_worker:notice] [pid 1763:tid 4147332800] AH00292: Apache/2.4.10 (Unix) OpenSSL/1.0.1k configured -- resuming normal operations
2016:04:21-23:20:09 astaro1-1 reverseproxy: [Thu Apr 21 23:20:09.001001 2016] [core:notice] [pid 1763:tid 4147332800] AH00094: Command line: '/usr/apache/bin/httpd'
2016:04:21-23:20:09 astaro1-1 reverseproxy: [Thu Apr 21 23:20:09.001088 2016] [mpm_worker:warn] [pid 1763:tid 4147332800] AH00291: long lost child came home! (pid 27535)
2016:04:21-23:20:09 astaro1-1 reverseproxy: [Thu Apr 21 23:20:09.001122 2016] [mpm_worker:warn] [pid 1763:tid 4147332800] AH00291: long lost child came home! (pid 27536)

I'm new to the whole WAF section, so trying to find out what I'm doing wrong.

If I connect to the work network via VPN I can go to the internal IP and the web page appears no problems. So the problem is not with the real server working.

Page is just a simple html page, just text and links.

Any suggestions?

Thanks, James.
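An added example (not part of the original posts): a small parser for the reverseproxy Live Log format shown above that counts entries per Apache AH code and severity, and lists any at error level or worse. The sample lines are copied from the first log excerpt; the function names are illustrative.

```python
import re
from collections import Counter

# Six lines copied from the first Live Log excerpt in the post above.
SAMPLE_LOG = """\
2016:04:21-23:20:08 astaro1-1 reverseproxy: [Thu Apr 21 23:20:08.590380 2016] [core:warn] [pid 1763:tid 4147332800] AH00111: Config variable ${URLHardening_HTTP_Hostname} is not defined
2016:04:21-23:20:08 astaro1-1 reverseproxy: [Thu Apr 21 23:20:08.590466 2016] [core:warn] [pid 1763:tid 4147332800] AH00111: Config variable ${URLHardening_HTTP_Hostname} is not defined
2016:04:21-23:20:08 astaro1-1 reverseproxy: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroInterPlain] does not exist
2016:04:21-23:20:09 astaro1-1 reverseproxy: [Thu Apr 21 23:20:09.000937 2016] [mpm_worker:notice] [pid 1763:tid 4147332800] AH00292: Apache/2.4.10 (Unix) OpenSSL/1.0.1k configured -- resuming normal operations
2016:04:21-23:20:09 astaro1-1 reverseproxy: [Thu Apr 21 23:20:09.001001 2016] [core:notice] [pid 1763:tid 4147332800] AH00094: Command line: '/usr/apache/bin/httpd'
2016:04:21-23:20:09 astaro1-1 reverseproxy: [Thu Apr 21 23:20:09.001088 2016] [mpm_worker:warn] [pid 1763:tid 4147332800] AH00291: long lost child came home! (pid 27535)
"""

# Apache severity names that rank above "warn".
SEVERE = {"emerg", "alert", "crit", "error"}

# UTM prefix, then an optional Apache "[time] [module:level] [pid ...]" header,
# then the AH code and the message text.
LINE_RE = re.compile(
    r"^\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2} \S+ reverseproxy: "
    r"(?:\[[^\]]+\] \[(?P<module>\w+):(?P<level>\w+)\] \[pid [^\]]+\] )?"
    r"(?P<code>AH\d{5}): (?P<msg>.*)$"
)

def parse(text):
    """Yield (code, level, message) for each reverseproxy line with an AH code."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        level, msg = m["level"], m["msg"]
        # Lines without a [module:level] tag carry the level in the message.
        if level is None:
            level = "warn" if msg.startswith("Warning:") else "unknown"
        yield m["code"], level, msg

def summarize(text):
    """Count log entries per (AH code, severity) pair."""
    return Counter((code, level) for code, level, _ in parse(text))

def severe_entries(text):
    """Return the entries logged at error level or worse."""
    return [entry for entry in parse(text) if entry[1] in SEVERE]

if __name__ == "__main__":
    for (code, level), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{code} {level:<6} x{n}")
    print("error-or-worse lines:", len(severe_entries(SAMPLE_LOG)))
```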



  • My configuration is different from yours as I am using HTTPS only. However, I would recommend changing the Firewall profile to No Profile first to test. Also, check the "Pass host header" check box. I had to sign my TLS cert with www.mydomain.com in order for https://mydomain.com in order to get https to work. Finally, my site path is set to /. I noticed in your log that there is an error for /var/www/REF_RevFroInterPlain. You might need to set up a site path route.

  • Thanks JackBlack. I thought I had it working yesterday (green ticks against Real Webservers) but today they are all yellow exclamation marks.

    Virtual Webserver settings:

    Real web server settings:

    The host mail.bordo.com.au has its local IP. 192.168.x.x

    Just have '/' for Site Path Route:

    Logs:

    2016:04:24-23:49:30 astaro1-1 reverseproxy: [Sun Apr 24 23:49:30.489979 2016] [mpm_worker:notice] [pid 1763:tid 4147332800] AH00297: SIGUSR1 received. Doing graceful restart
    2016:04:24-23:49:30 astaro1-1 reverseproxy: [Sun Apr 24 23:49:30.518806 2016] [core:warn] [pid 1763:tid 4147332800] AH00111: Config variable ${URLHardening_HTTP_Hostname} is not defined
    2016:04:24-23:49:30 astaro1-1 reverseproxy: [Sun Apr 24 23:49:30.519246 2016] [core:warn] [pid 1763:tid 4147332800] AH00111: Config variable ${URLHardening_HTTP_Hostname} is not defined
    2016:04:24-23:49:30 astaro1-1 reverseproxy: [Sun Apr 24 23:49:30.520167 2016] [core:warn] [pid 1763:tid 4147332800] AH00111: Config variable ${URLHardening_HTTP_Hostname} is not defined
    2016:04:24-23:49:30 astaro1-1 reverseproxy: [Sun Apr 24 23:49:30.520427 2016] [core:warn] [pid 1763:tid 4147332800] AH00111: Config variable ${URLHardening_HTTP_Hostname} is not defined
    2016:04:24-23:49:30 astaro1-1 reverseproxy: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroInterPlain] does not exist
    2016:04:24-23:49:30 astaro1-1 reverseproxy: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroMailbo8090] does not exist
    2016:04:24-23:49:30 astaro1-1 reverseproxy: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroInterna443] does not exist
    2016:04:24-23:49:31 astaro1-1 reverseproxy: [Sun Apr 24 23:49:31.000965 2016] [mpm_worker:notice] [pid 1763:tid 4147332800] AH00292: Apache/2.4.10 (Unix) OpenSSL/1.0.1k configured -- resuming normal operations
    2016:04:24-23:49:31 astaro1-1 reverseproxy: [Sun Apr 24 23:49:31.001021 2016] [core:notice] [pid 1763:tid 4147332800] AH00094: Command line: '/usr/apache/bin/httpd'
    2016:04:24-23:49:31 astaro1-1 reverseproxy: [Sun Apr 24 23:49:31.001094 2016] [mpm_worker:warn] [pid 1763:tid 4147332800] AH00291: long lost child came home! (pid 21274)
    2016:04:24-23:49:31 astaro1-1 reverseproxy: [Sun Apr 24 23:49:31.001128 2016] [mpm_worker:warn] [pid 1763:tid 4147332800] AH00291: long lost child came home! (pid 21275)

    Again, I can go to the site using https://192.168.x.x/path/to/page.php, but not to https://mail.bordo.com.au/path/to/page.php because the browser "can't establish a secure connection to the server 'mail.bordo.com.au'".

    James.

  • You know, James, sometimes I see the yellow exclamation, but everything just works.  If you wind up turning in a ticket to Support on this, please let us know what they say.


    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob.

    Sadly the yellow exclamation mark means what it says for me:

    Filed a support ticket. I'm in Asia Pacific region, so hopefully will get a reply in the morning. Will post reply here in case others experience similar problem.

    James.

  • Have you tried setting your Firewall Profile to No Profile to test? In your original screenshot you have it set to Advanced Protection - worth a try if you haven't yet. You might also want to check the logs on your mail.bordo.com.au server as well.

  • Thanks JackBlack.

    I have tried using No Profile - it's what I have it set to now until I get it working:

    I suspect that there is a permissions issue with /var/www/ based on this in the log:

    Of course, I'm no expert!

  • You might also want to check the logs on your mail.bordo.com.au server as well. 

    /var/log/httpd/error_log and access_log on real web server show nothing.

  • I'm confused, James.  Your error message says you can't reach mail.bordo.com.au, but you're showing us a virtual server for the FQDN internal.bordo.com.au - what happens if you correct that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Bob, I've got virtual servers set up for mail.bordo.com.au and internal.bordo.com.au. Different Real Servers.

    None work. I set up another one - same story. So that's 4 different real servers that get a yellow exclamation mark when I turn on their virtual servers. So I doubt that each real server has a problem (they can be reached using NAT or directly on internal network). 

    Here they all are, with their green ticks because they are turned off:

  • I think there are now too many confusing things in your head. [^o)]

    My idea is, delete everything and create from scratch. But one by one and not everything together.

    And don't use a firewall profile at the beginning, you can struggle there too. Just basic settings.

    And at the virtual server, always set the checkbox "Pass post header". The WAF then knows where to "route" your request.

    And check your DNS entries to see if they point to the right IPs.

    By the way, you have the FQDN internal.bordo.com.au twice. This won't work. A DNS A-record resolves only to one IP.