
WAF Status "Unregistered"

I've come to set up my first WAF Business Application Rule since getting started with the Sophos XG firewall, but have discovered that the WAF Service seems to not be running.

 

From Configure -> System Services -> Services, it lists the WAF Status as "No Web Server configured".  From the Advanced shell, running "service WAF:status -ds nosync" returns "200 UNREGISTERED"

 

I've created plaintext and encrypted objects under Protect -> Web Server -> Web Servers.  I can't see anything using port 80 or 443 from Netstat.

Any idea where I should look next to troubleshoot?  The DHCP Server service used to work, but isn't running either now.  I'm not sure if that's related or not.

 

Many thanks



This thread was automatically locked due to age.
  • Not sure what screenshots would be useful, but I've taken a few different ones.

    Firstly, the System Services Screen:

    Secondly, the webservers I've defined:

    Next, the initial screen of adding a Business Application Rule:

    This works successfully if choosing an SMTP rule, or a full DNAT Rule:

    But fails when choosing any of the WAF-based rules (shown here with a plain Web Server Protection Rule, but also applies to the built-in Exchange rules):

    (This is a composite of several screenshots)

  • I was getting the same thing with my software version of XG Firewall Home.  After getting nowhere for weeks on this issue, I opted to buy an XG 85 thinking that I wouldn't have the same problem.  I was wrong.  Now I'm getting the same problem with the XG appliance as well.  The exact same symptoms.

  • Have you found a way around it?  Is it possible to create Business Application Rules from the advanced console or anything?

     

    For me, this fault makes the XG firewall not fit for purpose

  • Still unsure how this can happen. 

    Can you select the profile after deleting everything in the WAF Section? 

    So basically delete all kinds of Real Server configuration. 

    And please show me all your interfaces and your certificates. Did you upload some kind of certificates? 

  • I've deleted all the 'Real' webserver objects created under Protect -> Web Server -> Web Servers, so there are no servers listed.  Unfortunately, I still get the same results when trying to create the Business Rule.

    The image below shows the interfaces on the device.  PortA is my Internal LAN where clients (and the servers I was to reverse proxy traffic to) are, PortB is the Internet facing interface where traffic will come in.

    In terms of certificates, I have set up HTTPS decryption and scanning, which is working correctly.  The certificate for this was generated from the XG as a CSR, then requested from the Active Directory CA.  It has also been set up to trust the Internal CA.

  • I gave up on the XG Firewall Home Edition (software) and purchased an XG 85.  I can create my Exchange General BAR now except the imported certificates are not showing.  I have a separate support inquiry open for that one.

    Brian Ladley