Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 10 replies
  • Answers 2 answers
  • Subscribers 29 subscribers
  • Views 3334 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to acces WAF Sites through Web Proxy on XG 210. Does anybody know why?

JordiPa

Hello,

This is my first time publication on this community.
First of all, sorry for my english.

We have a Sophos XG 210 with SFOS 17.1.4 MR-4 Firmware.

I've published some web sites through WAF firewall rule and look like everything is ok. I'm able to access the web site from WAN side and from LAN side, but on computers with the Sophos XG web proxy we are unable to acces web sites created on WAF.

The desktops that has Web Proxy are on branch offices, and all are abble to acces any site on Internet.

LAN DESKTOPS - 192.168.0.x GATEWAY:192.168.0.1

WEB PROXY: 192.168.0.1:3128

The web site are on the DMZ: 172.26.1.X

The sites are published through #PortE1:0...#PortE1:4

Does anybody know why and how to solve it?

I'm a little bit frustated, because I don't find the solution on the comunity.

Thanks

Jordi

 

 



This thread was automatically locked due to age.
Parents
  • 0

    Hello Jordi,

    If you have assigned the interface Port E.4 or E.3, your main traffic is going through the default WAN interface address, i.e. Port E. You may so the traffic might be flowing between your WAN interfaces. Could you please configure a WAN to WAN rule with no NAT applied and check if that would resolve this issue?

  • 0 in reply to Aditya Patel

    Thanks for the answer.

    It didn't do the trick. I understant what u'r explainning but unnafortunatelly the WAN to WAN rule didn't solve it. I try to capture the packets when I attemp to browse to my DMZ sites but it's like it doesn't exist, I get no traffic or maybe I don't know what to look for.

  • 0 in reply to JordiPa

    Hi JordiPa,

    In the WAN to WAN firewall rule, could you please apply NAT MASQ and check if that would work. Also, could you add an exception on one of your machines to bypass proxy for that public address and check  if that made a difference.

    I would advise to open a service request withsecure2.sophos.com/.../support.aspx Sophos Support to open a investigation to check your scenario.

  • 0 in reply to Aditya Patel

    Hi Aditya,

    Thanks for the response.

    I've tried the WAN to WAN rule with and without MASQ and nothing.

    The machines with web proxy enabled are on branch offices and the gateway doesn't point the sophos firewall, so if I bypass proxy I got a 404, it's the correct behaviour.

    I've open a support case.

    Jordi

Reply
  • 0 in reply to Aditya Patel

    Hi Aditya,

    Thanks for the response.

    I've tried the WAN to WAN rule with and without MASQ and nothing.

    The machines with web proxy enabled are on branch offices and the gateway doesn't point the sophos firewall, so if I bypass proxy I got a 404, it's the correct behaviour.

    I've open a support case.

    Jordi

Children
No Data