
Web Server configuration.

Hello all,

I've been looking for information about the correct way to use the web server module on XG but I couldn't find anything.

I also asked a Live support agent on chat and he didn't have any document that could help me.

So, what I want to know is if I'm able to have 2 servers published with the same public IP and the same port.

For example: https://mail.company.com and https://www.company.com

From my knowledge, which is pretty basic, it's not possible to publish 2 sites with the same port and same public IP but I was reading this on the 'Help' tab of the firewall:

From my understanding it is possible to publish multiple sites using path-specific routing on the WAF rule. I did a rule for testing but it wasn't working.



This thread was automatically locked due to age.
  • Hello John,

    Yes, you can achieve this. In fact I have 5 URLs on the same outside IP and port which will all be directed to different endpoints.

    Make sure you define the web servers, and add the correct FW rules.

    Grtz, Peter-Paul

  • Hello Peter,

    I did try to use the web module but it wasn't working for me.

    I was using only 1 WAF rule to publish both servers. Also, if I use port 443, when I try to access the server it will show me the certificate error, so I must upload a cert. It is not possible to use the same cert for both servers since I can only use 1 cert on the WAF rule.

    I can't create 2 WAF rules using the same IP and same port because the traffic will apply for the first rule.

    It would be great if you could add screenshots in this thread so I can take a look and get an idea of how you have it working.

    Best regards.

  • Hi John,

    For security reasons I'm not going to add screenshots but I have written a simple step-by-step manual for you. If you follow this I believe you should be able to solve your

    1. System > Host and Services > FQDN Host
        add host (use the FQDN according to the outside FQDN)

    2. Configure > DNS > DNS Host Entry section
        add a DNS entry for the FQDN you added in step 1 (use the same FQDN)
        this should be the IP address of the host to which you want to forward the Web Server (WAF)

    3. System > Host and Services > FQDN Host
        test if the FQDN resolves to the IP address you just entered in step 2.

    4. Protect > Web Server > Web Servers
        add a web server:
        - host should be the host added at step 1.
        - enter the port your web server listens on
        - I've got the keep alive option selected

    5. Protect > Firewall
        add a business application rule

        > Hosted Server section
        - select the WAN port that is being used to host your internal server

        > Protected Server(s) section
        - select the web server you created in step 3. from the Web server list

        > Advanced section
            - add the desired policies. I've added the Wan To Lan Intrusion Prevention policy and the High Guarantee Rule to the Traffic shaping policy

    6. Repeat the above steps for every web server you are hosting. Make sure you use unique host/port combinations.

    7. If you are using any modem/router device in front of the SOPHOS XG, make sure you have the correct ports forwarded!

    As far as I can remember this did it for me.
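
Added example, not part of the thread and not Sophos code: once both names are published on the same IP and port, this Python check connects to the shared address with each hostname as SNI and reports which published names the presented certificate covers (several SAN entries or a wildcard can cover more than one). The hostnames are the ones from the question; the IP `203.0.113.10` is a placeholder and the function names are made up for this sketch.

```python
import socket
import ssl

# Hostnames from the question; the address is a documentation-range placeholder.
PUBLISHED = ["mail.company.com", "www.company.com"]
PUBLIC_IP = "203.0.113.10"  # assumption: replace with the XG WAN address


def name_matches(pattern, hostname):
    """RFC 6125 style match: '*' may only replace the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # need at least two fixed labels so '*.com' never matches anything
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def san_names(cert):
    """DNS names from a certificate dict as returned by getpeercert()."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def uncovered(cert, hostnames):
    """Published hostnames that the certificate does NOT cover."""
    sans = san_names(cert)
    return [x for x in hostnames if not any(name_matches(s, x) for s in sans)]


def fetch_cert(ip, hostname, port=443, timeout=5):
    """Connect to the shared IP with `hostname` as SNI; return the validated cert."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for host in PUBLISHED:
        try:
            print(host, "OK:", san_names(fetch_cert(PUBLIC_IP, host)))
        except (ssl.SSLError, OSError) as exc:
            print(host, "FAILED:", exc)  # mismatch shows up as a verify error
```

Run it from outside the firewall; a `FAILED` line with a certificate verification error for one name means the rule answering for that hostname is presenting a certificate that does not list it.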
