WAF Status "Unregistered"

Hi,

Unregistered is just "Unconfigured". 

So maybe you miss some step in the config. 

https://community.sophos.com/kb/en-us/126470

In that case, maybe I've mistaken symptom for cause.

I'm unable to follow the guide that you've linked to.  Step 1 works successfully "Configure the Web Server", but step 2 fails "Configure a Business Application Rule".

I have successfully created Business Application Rules for SMTP traffic (inbound and outbound), but as soon as I create a new Business Application Rule, and select any of the WAF Based Templates, the interface freezes and I'm unable to complete the rule.  I just get a the spinning cursor in the middle of the screen.

Already saw such an issue.

https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/105242/creating-a-new-business-application-rule-hangs-the-screen/383723

But never got an reply. 

Can you share some Screenshots? 

Not sure what screenshots would be useful, but I've taken a few different ones.

Firstly, the System Services Screen:

Secondly, the webservers I've defined:

Next, the initial screen of adding a Business Application Rule:

This works successfully if choosing an SMTP rule, or a full DNAT Rule:

But fails when choosing any of the WAF-based rules (shown here with a plain Web Server Protection Rule, but also applies to the built-in Exchange rules):

(This is a composite of several screenshots)

I was getting the same thing with my software version of XG Firewall Home.  After getting nowhere for weeks on this issue.  I opted to buy an XG 85 thinking that I wouldn't have the same problem.  I was wrong.  Now I'm getting the same problem with the XF appliance as well.  The exact same symptoms.

Have you found a way around it?  Is it possible to create Business Application Rules from the advanced console or anything?

For me, this fault makes the XG firewall not fit for purpose

Still unsure how this can happen. 

Can you select the profile after deleting everything in the WAF Section? 

So basically delete all kind of Real Server configuration. 

And show me please all you Interfaces and your Certificates. Did you upload some kind of certificates? 

I've deleted all the 'Real' webserver objects created under Protect -> Web Server -> Web Servers, so there are no servers listed.  Unfortunately, I still get the same results when trying to create the Business Rule.

The image below shows the interfaces on the device.  PortA is my Internal LAN where clients (and the servers I was to reverse proxy traffic to) are, PortB is the Internet facing interface where traffic will come into.

In terms of certificates, I have set up HTTPS decryption and scanning, which is working correctly.  The certificate for this was generated from the XG as a CSR, then requested from the Active Directory CA.  It has also been set up to trust the Internal CA.

I've deleted all the 'Real' webserver objects created under Protect -> Web Server -> Web Servers, so there are no servers listed.  Unfortunately, I still get the same results when trying to create the Business Rule.

The image below shows the interfaces on the device.  PortA is my Internal LAN where clients (and the servers I was to reverse proxy traffic to) are, PortB is the Internet facing interface where traffic will come into.

In terms of certificates, I have set up HTTPS decryption and scanning, which is working correctly.  The certificate for this was generated from the XG as a CSR, then requested from the Active Directory CA.  It has also been set up to trust the Internal CA.