Previously, in V17 firmware, I had set up WAF rules so that HTTPS traffic to our single external IP was directed to different web servers depending on the subdomain. This worked really well, as I could just specify the subdomain for the service in our public DNS to point to a single external IP and then direct clients to that subdomain. It also greatly simplified the setup on the servers, as I didn't have to create and redirect custom ports for each of the web servers or direct clients to custom ports. It was also really nice because it redirected port 80 traffic at the check of a button, and on some things (Exchange...) this is a fair bit more complicated to configure on the web server.
This worked like so:
serverA.domain.com > DNS to Public IP > WAN port of firewall > WAF Rule picked up servera.domain.com and 443 or 80 redirected to 443 > SERVER A internal IP (say in the DMZ for instance)
serverB.domain.com > DNS to Public IP > WAN port of firewall > WAF Rule picked up serverb.domain.com and 443 or 80 redirected to 443 > SERVER B internal IP (say in the LAN for instance)
In the V18 guide it said they were decoupling NAT rules from firewall rules, BUT the migration would auto-create NAT rules so that traffic being redirected to internal servers would not break. Well, the above scenario broke. All traffic bound for 443 is directed to SERVER A, or whatever server is highest in the NAT rules list.
I have a ticket open with Sophos to ask how to restore functionality as above but was wondering if anyone has figured this out?
The only suggestion so far has been to watch the 30-minute-long video on the new NAT functionality and "add the appropriate NAT rules"; however, no matter what I add to the NAT rules, it does not seem to honor the domain in the WAF rules and simply redirects the traffic to a single web server.
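A small Python model of the behaviour described in this thread, added here as an illustration and not taken from the post or from Sophos: a DNAT rule is evaluated on destination IP and port only, so two rules for the same public IP and port 443 cannot be told apart and the first one in the list wins, whereas the WAF rule keys on the hostname. The public IP, internal addresses, hostnames and rule names below are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class NatRule:
    name: str
    dst_ip: str
    dst_port: int
    target: str

@dataclass(frozen=True)
class WafRule:
    host: str
    target: str

# Constructed sample rules (documentation-range public IP, made-up internals).
PUBLIC_IP = "203.0.113.10"
NAT_RULES = [
    NatRule("to-serverA", PUBLIC_IP, 443, "10.0.1.10"),      # DMZ
    NatRule("to-serverB", PUBLIC_IP, 443, "192.168.1.20"),   # LAN
]
WAF_RULES = [
    WafRule("servera.domain.com", "10.0.1.10"),
    WafRule("serverb.domain.com", "192.168.1.20"),
]

def first_matching_nat(rules, dst_ip, dst_port):
    """Layer-4 DNAT: the first rule whose destination IP/port match wins.
    The HTTP Host header is not visible at this layer, so it cannot
    influence which rule is chosen."""
    for r in rules:
        if r.dst_ip == dst_ip and r.dst_port == dst_port:
            return r.target
    return None

def waf_route(rules, host):
    """Layer-7 routing: the backend is chosen from the Host header."""
    for r in rules:
        if r.host.lower() == host.lower():
            return r.target
    return None

def shadowed_nat_rules(rules):
    """Report NAT rules that can never match because an earlier rule
    already covers the same destination IP/port (the 'highest rule wins'
    symptom described above). Returns (shadowed_rule, shadowing_rule) pairs."""
    seen, shadowed = {}, []
    for r in rules:
        key = (r.dst_ip, r.dst_port)
        if key in seen:
            shadowed.append((r.name, seen[key]))
        else:
            seen[key] = r.name
    return shadowed
```

Running `shadowed_nat_rules(NAT_RULES)` over a migrated rule list is a quick way to confirm that the second 443 rule is dead, while `waf_route` shows the Host-based decision the WAF was making before.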