This discussion has been locked.

Trying to get WAF working correctly

So I have gone through and set up my domain with a subdomain pointing to my WAN IP address. I set up my web server on the Sophos as well as the WAF rule with my HTTPS cert. The problem I am having is that the WAF rule seems to work internally in the domain but will not allow any outside connections. I have double-checked and tried various things. What am I missing?



  • There could be a couple of issues here.

    WAF is a basic reverse proxy. 

    https://en.wikipedia.org/wiki/Reverse_proxy

    So the interface of the XG needs to be addressed by the WAN client on the Internet.

    Is the DNS record correct? Do you use DNS to access it? Is the XG directly connected to the Internet, or is something in front of it?


  • So when I do an nslookup on the internal network, it shows the correct IP address for the WAN. The A record for my domain also seems to point correctly to the WAN IP. The Sophos XG is connected to my modem in bridge mode. If I set a site up with DNAT instead of WAF, it appears to work just fine from the FQDN.

  • And the WAF works internally? This sounds weird.

    There is a KBA for WAF troubleshooting: https://community.sophos.com/kb/en-us/124574

    Maybe this helps? 


  • Went through the troubleshooting the other day. Yes, it works internally. If I point my A record to a different IP it stops working internally, so I know the DNS is resolving correctly, and the test from the XG appliance also shows it resolving. It's almost like it's only allowing LAN to connect and nothing else. The WAN tries to load the site but eventually just throws up a connection error. I have watched the logs, but they show no outside connections, just the internal ones; therefore the IIS logs are also not showing anything, since I can't get through the XG.
