
Webserver Protection through IPsec VPN

Hi All,

 

I have a question about routing web traffic through an IPsec VPN. Here's the situation:

 

Site A: Sophos XG with Web Server Protection licensed.

Site B: Sophos XG without Web Server Protection and a dumb web server (ventilation unit) which needs to be accessed for remote support. For proper security I want to use the webserver protection to secure it with a password.

 

I tried to add the Webserver Business rule in Site A but I haven't got any response from the device. Can you help?

 

Thank you very much in advance!

 

Best Regards

Micha



  • Hi, 

    Can you confirm that DNAT works? So a basic DNAT from Site A to Site B Webserver through Webserver works?

    Afterwards, build a WAF Policy with password.

    The password page should come up.

    After the login, can you show us the WAF log? 

    As far as I know, there is a routing issue in XG with WAF and resources behind IPsec. So WAF is not using the proper tunnel to the webserver. Could reproduce it with OWA. Maybe this behavior is the same with a standard HTTP/s Webserver.

  • Thank you for your answer.

     

    No, I cannot get it to work with DNAT. I just set up a DNAT rule on the Site A Firewall which points to the Webserver in site B. Is that correct? On both FWs I've set up rules to allow any traffic in and out via VPN from and to LAN.

     

    Thanks for your help.
