
WAF Client IP

Using SOPHOS XG I've successfully set up 3 different web servers and business firewall rules to route to them, but in every case the web server sees the client IP as that of the firewall/gateway and not the actual WAN client. Is there a setting that needs/can be changed so that the client information is passed to the web server? I do NOT have masquerading turned on anywhere that I am aware of. I did the same thing in UTM and the client IPs were passed through with no problem. I have one system that looks at the client IP and will only challenge for authentication if it is a WAN IP address, but it's seeing every WAN client as the gateway's address and therefore considering it local and won't challenge any user for authentication.

 

Thanks in advance.



  • I am suffering from the exact same issue. 

    I wonder if this poor fellow ever had any resolution provided to this query?

    Does anyone have an answer to this?

    Jon

  • No problem here (even with Multi-Proxy-Hops) using the information in X-Forwarded-For header. See https://en.wikipedia.org/wiki/X-Forwarded-For

    Best regards,
    Andreas

  • Thanks Andreas. 

    I guess my issue is slightly different than the OP.

    We have our webservers branched off a port on the XG, let's say A6; the port itself is defined with an IP which we designate as our "Webserver Subnet".

    A Business rule was created and WAF rules applied, as well as selecting "Pass host header" (we have some client side and intersite communications going on too).

    The client is passed to the appropriate Web Server/Site and can work properly, but in the IIS logs the IP of the client is substituted for the gateway IP placed on the interface at port A6.

    But the gist is that the IIS servers are seeing the client IPs as the Gateway IP and not their external public IP.

    I'm sure process wise we could harvest the X-Forwarded info but IIS needs to track IPs properly for forensic and logistic reasons.

    Thanks.
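
The X-Forwarded-For approach discussed in this thread, applied to the "only challenge WAN clients" decision from the original question. This is an added example, not code from any poster or from Sophos. It assumes the WAF appends the address it received the connection from to X-Forwarded-For; the addresses, network ranges and function names are constructed for illustration.

```python
import ipaddress

# Constructed values: 192.168.50.1 stands in for the firewall's address on the
# web-server port, 192.168.50.2 for a second reverse proxy behind it.
TRUSTED_PROXIES = {ipaddress.ip_address("192.168.50.1"),
                   ipaddress.ip_address("192.168.50.2")}
# Assumption: the ranges this site treats as "local" (no authentication challenge).
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def client_ip(peer_addr, xff_header):
    """Resolve the real client address, or None when it cannot be established.

    peer_addr is the TCP source address the web server sees; xff_header is the
    raw X-Forwarded-For value or None. Each proxy appends the address it
    received the connection from, so the list is read right to left and only
    entries written by trusted proxies are believed.
    """
    peer = ipaddress.ip_address(peer_addr)
    if peer not in TRUSTED_PROXIES:
        return peer          # direct connection: ignore any client-supplied header
    if not xff_header:
        return None          # came through the proxy but nothing was forwarded
    hop = None
    for token in reversed(xff_header.split(",")):
        try:
            hop = ipaddress.ip_address(token.strip())
        except ValueError:
            return None      # malformed entry: do not guess
        if hop not in TRUSTED_PROXIES:
            break            # first hop that is not one of our proxies: the client
    return hop


def must_challenge(peer_addr, xff_header):
    """Challenge unless the resolved client is verifiably on a local network."""
    ip = client_ip(peer_addr, xff_header)
    return ip is None or not any(ip in net for net in LOCAL_NETS)
```

Entries to the left of the first untrusted hop are supplied by the client and are never used, and any case that cannot be resolved falls back to challenging the user.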
