This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

1 WAN 2 DMZ

My issue is I have a 2nd DMZ zone that also has the same WAN source zone as DMZ 1.

WAN is my IP

DMZ 1 -192.168.2.1 Windows Server

DMZ 2 -192.168.3.1 Linux Server

The rule I have in place allows for the Destination Service to forward to DMZ 1. If I make another rule for DMZ 2 then obviously everything gets routed to DMZ 2 so thats not helpful.

I have also tried a WAF rule with domains and both servers accounted for but the issue I get here is that DMZ 2 loads very very slowly if at all. Everything on DMZ 1 is then classified as Forbidden.

My goal is to have my domains come the WAN, then look for its server on DMZ 1 and if that domain is not housed there,then look for its home on DMZ 2.

I have tried putting both servers on DMZ 1 but the end resulted in all the domains on the Windows server resolved with the domain thats on the Linux server.

To give it perspective- if my Windows server had google.com and my Linux server had Bing.com, every time I go to google.com the page would show google.com as the web address but would show bings webpage.

So is having 2 different web servers on Sophos XG possible with one WAN IP? If so, I suspect its a WAF rule that needs to be implemented but why would the domains be forbidden with this rule enforced?

This thread was automatically locked due to age.

0 FormerMember over 5 years ago

Hi JAGER

If both servers are listening on same service, simple DNAT rule with this setup will not work. If you have multiple WAN IP address you could create Alias IP address and have DMZ2 server on it.

I would suggest you to consider setting up WAF.

Sophos XG Firewall: WAF configuration guide

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel