WAF Synology No Protection

.

Hi Roman, Thanks for reaching out.

You can use WAF to protect the access portal (web GUI) of your Synology device as long as it's behind XG and on top of that, you can also put an IPS policy in the WAF rule which can help you scan the rest of the traffic as well.

I have tried this with a FreeNAS custom device I have in my LAN and works like a charm! :) 

I'm using WAF - it's working, I mean in some way. I did import certs cuz service is on https port. But scanning desont  block any malicious content like viruses etc. I'm using IPS it that policy, you can see it onpasted screenshots. The point is that ips doesn't block https traffic. I guess that if I have put cert for specific scenario then traffic should be decrypted by WAF rule ? So if I'm uploading some malicious files  - sophos  should drop it. ;)

Thx for answer ;)

Anyone else?

I've wasted more than an entire year trying to get the basic WAF functionalities to work correctly; The AV has always a hit or miss, most of the times the traffic would never be sent to be scanned and most malware would just pass-through without any issues.

Oh. That wasnt a satisfying  answer to hear from ya :p  How someone like sophos could have such problems with basic thing. Theirs  solutions  are used in enterprise  environments... ;) WAF is so basic. Im using it for Home not a big deal but im wonder about companies.. it cant be so low level quality  thing ^^

Right now I don't have any other problem besides the AV and gzip compression.

XSS / Application attacks / SQLi protections works just fine, It will only require a bit of tuning - of course that's expected from any other WAF.

Edit: I've had a minor issue with SQLi protection before, but I gave up on researching It since not a lot of people are affected by It.

So do I, only AV problems ;) btw, Im hosting Syno Drive on Synology and its working pretty great with WAF with no special tunning etc ;) But AV is failling all the tme. All test malware got pass.