This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF - ScreenConnect does not work.

I use the WAF to protect my servers but I cannot get it work with ScreenConnect (SC). Maybe it's not even possible???

I want to use the WAF, rather than a DNAT, because I am using the same static, public IP for 'mysite.com' and 'www.mysite.com'. I have ScreenConnect (SC) installed on a Windows server along with WAMP. WAMP listens on ports 80 and 443 on internal IP 10.x.x.120 (www.mysite.com) and the SC server listens on ports 80, 443, 8040, and 8041 on internal IP 10.x.x.130 (mysite.com). My SSL cert is installed correctly in the UTM as well as the webserver. I have specified separate network definitions with the correct host names and internal IP's.

SC has a so-called built-in relay and router. Presumably, this is how web and remote desktop traffic are split and redirected to the correct ports. SC also automatically redirects http to https. Below are some of the settings in the SC config:

...

<listenUris>
  <listenUri>tcp://10.x.x.130:80/</listenUri>
  <listenUri>tcp://10.x.x.130:443/</listenUri>
</listenUris>
<rules>
  <rule schemeExpression="http" actionType="issueRedirect" actionData="https://$HOST/" />
  <rule schemeExpression="ssl" actionType="forwardPayload" actionData="https://10.x.x.130:8041/" />
  <rule schemeExpression="relay" actionType="forwardPayload" actionData="https://10.x.x.130:8040/" />
</rules><add key="WebServerListenUri" value="https://10.x.x.130:8041/" />

<add key="WebServerAddressableUri" value="https://mysite.com/" />
<add key="RelayListenUri" value="relay://10.x.x.130:8040/" />
<add key="RelayAddressableUri" value="relay://mysite.com:443/" />

...

 

If I set up a basic DNAT and disable the Virtual server in the WAF settings of the UTM, I have no issues with ScreenConnect but then all traffic for 'mysite.com' and 'www.mysite.com' are picked up by SC.

I've tried setting up a Real and Virtual server for port 443. I even tried creating Real and Virtual servers for the other ports even though there is no indication that traffic on the other ports is being dropped by Sophos. I can access the SC web page and login but when I try to start a remote session, nothing happens. What's odd is there's no dropped traffic logged in the WAF, Firewall or IPS logs.

Is what I'm trying to accomplish with the WAF even possible? Could it be that some of the traffic does not contain host header info and the WAF does not know what to do with it?



This thread was automatically locked due to age.
Parents
  • Made some progress... Everything is working except I cannot connect to a remote session via an Android from outside.

    From the Android, I can access the SC login page, login, see all connections to clients and even use the chat functionality of SC but I still cannot connect to a session to remotely control a client.

    For testing, I have created a WAF Firewall Profile with everything unchecked and added an exception that skips all available options.

     

    I still cannot connect to a session from an external Android and I do not get any errors in the Firewall, IPS or WAF logs. All entries in the WAF log are mostly 200 status codes with a couple of 502's if left idle. I can connect from an external Windows machine. I can access from an external Android if revert back to a simple DNAT. Not sure what the WAF is not allowing or what the Android app or WAF cannot handle. 

    --------------------------------------------------------------------
    Sophos UTM 9.719-3 - Home User
    Virtual machine on Dell Optiplex 3070
    i3-9100 @ 3.60 GHz, 16 GB RAM
    --------------------------------------------------------------------

Reply
  • Made some progress... Everything is working except I cannot connect to a remote session via an Android from outside.

    From the Android, I can access the SC login page, login, see all connections to clients and even use the chat functionality of SC but I still cannot connect to a session to remotely control a client.

    For testing, I have created a WAF Firewall Profile with everything unchecked and added an exception that skips all available options.

     

    I still cannot connect to a session from an external Android and I do not get any errors in the Firewall, IPS or WAF logs. All entries in the WAF log are mostly 200 status codes with a couple of 502's if left idle. I can connect from an external Windows machine. I can access from an external Android if revert back to a simple DNAT. Not sure what the WAF is not allowing or what the Android app or WAF cannot handle. 

    --------------------------------------------------------------------
    Sophos UTM 9.719-3 - Home User
    Virtual machine on Dell Optiplex 3070
    i3-9100 @ 3.60 GHz, 16 GB RAM
    --------------------------------------------------------------------

Children
No Data