Thread Info
  • State Verified Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 16 replies
  • Answers 2 answers
  • Subscribers 30 subscribers
  • Views 18717 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF Status "Unregistered"

Gary Burch1

I've come to set up my first WAF Business Application Rule since getting started with the Sophos XG firewall, but have discovered that the WAF Service seems to not be running.

 

From Configure -> System Services -> Services, it lists the WAF Status as "No Web Server configured".  From the Advanced shell, running "service WAF:status -ds nosync" returns "200 UNREGISTERED"

 

I've created a plaintext and encrypted objects under Protect -> Web Server -> Web Servers.  I can't see anything using port 80 or 443 from Netstat.

 

Any idea where I should look next to troubleshoot?  The DHCP Server service used to work, but isn't running either now.  I'm not sure if that's related or not.

 

Many thanks



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    Unregistered is just "Unconfigured". 

    So maybe you miss some step in the config. 

    https://community.sophos.com/kb/en-us/126470

  • 0 in reply to LuCar Toni

    In that case, maybe I've mistaken symptom for cause.

     

    I'm unable to follow the guide that you've linked to.  Step 1 works successfully "Configure the Web Server", but step 2 fails "Configure a Business Application Rule".

     

    I have successfully created Business Application Rules for SMTP traffic (inbound and outbound), but as soon as I create a new Business Application Rule, and select any of the WAF Based Templates, the interface freezes and I'm unable to complete the rule.  I just get a the spinning cursor in the middle of the screen.

  • 0 in reply to LuCar Toni

    Not sure what screenshots would be useful, but I've taken a few different ones.

    Firstly, the System Services Screen:

    Secondly, the webservers I've defined:

    Next, the initial screen of adding a Business Application Rule:

    This works successfully if choosing an SMTP rule, or a full DNAT Rule:

    But fails when choosing any of the WAF-based rules (shown here with a plain Web Server Protection Rule, but also applies to the built-in Exchange rules):

    (This is a composite of several screenshots)

  • 0 in reply to Gary Burch1

    I was getting the same thing with my software version of XG Firewall Home.  After getting nowhere for weeks on this issue.  I opted to buy an XG 85 thinking that I wouldn't have the same problem.  I was wrong.  Now I'm getting the same problem with the XF appliance as well.  The exact same symptoms.

  • 0 in reply to Brian Ladley

    Have you found a way around it?  Is it possible to create Business Application Rules from the advanced console or anything?

     

    For me, this fault makes the XG firewall not fit for purpose

  • 0 in reply to Gary Burch1

    Still unsure how this can happen. 

    Can you select the profile after deleting everything in the WAF Section? 

    So basically delete all kind of Real Server configuration. 

    And show me please all you Interfaces and your Certificates. Did you upload some kind of certificates? 

  • 0 in reply to LuCar Toni

    I've deleted all the 'Real' webserver objects created under Protect -> Web Server -> Web Servers, so there are no servers listed.  Unfortunately, I still get the same results when trying to create the Business Rule.

    The image below shows the interfaces on the device.  PortA is my Internal LAN where clients (and the servers I was to reverse proxy traffic to) are, PortB is the Internet facing interface where traffic will come into.

     

     

    In terms of certificates, I have set up HTTPS decryption and scanning, which is working correctly.  The certificate for this was generated from the XG as a CSR, then requested from the Active Directory CA.  It has also been set up to trust the Internal CA.

  • +1 in reply to Gary Burch1

    Gary Burch1 said:
    I have successfully created Business Application Rules for SMTP traffic (inbound and outbound), but as soon as I create a new Business Application Rule, and select any of the WAF Based Templates, the interface freezes and I'm unable to complete the rule.  I just get a the spinning cursor in the middle of the screen.

    This is a known problem caused by a certificate not being properly imported.

    You can try to fix this by deleting any certificates that you imported and then import them again.

    If you try this workaround, please report back if it helped.

    In case you want to get in contact with Support about this, you can refer them to NC-35682 (unresponsive UI) and NC-35929 (certificate import problem).

  • 0 in reply to ewadie

    ewadie said:

    This is a known problem caused by a certificate not being properly imported.

    You can try to fix this by deleting any certificates that you imported and then import them again.

     

    Thanks for this, is there anything I need to do to ensure that the certificate is imported properly next time?

  • 0 in reply to Gary Burch1

    Gary Burch1 said:
    Thanks for this, is there anything I need to do to ensure that the certificate is imported properly next time?

    The specifics of this problem are still unclear. For now just delete your certificates and import them again.

  • 0 in reply to Gary Burch1

    I gave up on the XG Firewall Home Edition (software) and purchased an XG 85.  I can create my Exchange General BAR now except the imported certificates are not showing.  I have a separate support inquiry open for that one.

    Brian Ladley

Reply Children
No Data