Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 10 replies
  • Answers 2 answers
  • Subscribers 29 subscribers
  • Views 3336 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to acces WAF Sites through Web Proxy on XG 210. Does anybody know why?

JordiPa

Hello,

This is my first time publication on this community.
First of all, sorry for my english.

We have a Sophos XG 210 with SFOS 17.1.4 MR-4 Firmware.

I've published some web sites through WAF firewall rule and look like everything is ok. I'm able to access the web site from WAN side and from LAN side, but on computers with the Sophos XG web proxy we are unable to acces web sites created on WAF.

The desktops that has Web Proxy are on branch offices, and all are abble to acces any site on Internet.

LAN DESKTOPS - 192.168.0.x GATEWAY:192.168.0.1

WEB PROXY: 192.168.0.1:3128

The web site are on the DMZ: 172.26.1.X

The sites are published through #PortE1:0...#PortE1:4

Does anybody know why and how to solve it?

I'm a little bit frustated, because I don't find the solution on the comunity.

Thanks

Jordi

 

 



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    if you do an nslookup or DNS check from the remote sites what address do you see for the WAF devices?

    Ian

  • 0 in reply to rfcat_vk

    Resolve the public IP (#PortE1:X)

  • 0 in reply to JordiPa

    Hi,

    If you do a tracert to the site where does it go?

    Ian

  • 0 in reply to rfcat_vk

    On branch office tracert points to nowhere, like any other internet web site, but on branch office I've WEB PROXY for HTTP Traffic,

    We can browse any website, except those published by WAF in the Sophos XG.

    I get a sophos page with the message: "Website not available. Reason for this message: We found the website's address but were unable to connect to the web server"

     

    SOPHOS XG LAN: 192.168.0.X Gateway:192.168.0.1

    SOPHOS XG DMZ: 172.26.1.X Gateway:172.26.1.1

    BRANCH OFFICE LAN: 192.168.22.X Gateway:192.168.22.1

    SOPHOS XG WEB PROXY: 192.168.0.1:3128

    WEBSERVER1 on DMZ: 172.26.1.15

    WEBSERVER1 is on #PortE1:4 - 62.36.3.40 (not the real ip)

    WEBSERVER1 FQDN: webserver1.domain.com (not the real fqdn)

    Sophos XG is resolving DNS on 8.8.8.8

    LAN and BRANCH LAN is resolving DNS on internal DNS Server. The internal DNS Server points to the public ip of the web server fqdn.

Reply
  • 0 in reply to rfcat_vk

    On branch office tracert points to nowhere, like any other internet web site, but on branch office I've WEB PROXY for HTTP Traffic,

    We can browse any website, except those published by WAF in the Sophos XG.

    I get a sophos page with the message: "Website not available. Reason for this message: We found the website's address but were unable to connect to the web server"

     

    SOPHOS XG LAN: 192.168.0.X Gateway:192.168.0.1

    SOPHOS XG DMZ: 172.26.1.X Gateway:172.26.1.1

    BRANCH OFFICE LAN: 192.168.22.X Gateway:192.168.22.1

    SOPHOS XG WEB PROXY: 192.168.0.1:3128

    WEBSERVER1 on DMZ: 172.26.1.15

    WEBSERVER1 is on #PortE1:4 - 62.36.3.40 (not the real ip)

    WEBSERVER1 FQDN: webserver1.domain.com (not the real fqdn)

    Sophos XG is resolving DNS on 8.8.8.8

    LAN and BRANCH LAN is resolving DNS on internal DNS Server. The internal DNS Server points to the public ip of the web server fqdn.

Children