Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 1652 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG Firewall - WAF Rule - Multiple Domains and One Public IP

JakeCherrie

Hi Everyone,

I'm a little new to Sophos XG Firewalls and really firewalls in general. I always thought it was not possible to host multiple services (e.g. websites) on the same port and public IP address but when I started to play with Sophos XG Home Edition because work has moved to Sophos Firewalls I thought I would ask the question if this can be done using Sophos. Answer apparently is yes it can be using a WAF rule. I found this information from this link.

So I decided to try and set this up. I now have two VM's running two different websites on port 80 and I have two different domains. Each domain is setup in public DNS and internally on my private DNS. The first website lets me access it no issue at all and I can even see traffic on the new WAF rule but I cannot access the 2nd website at all and there is no traffic on the 2nd WAF rule.

I'm hoping someone might be able to point out to me what I have done wrong. I will try and outline as much information as I can below to help with this.

I have a theory based on some reading I've done that an SSL certificate would be required for this to work but as this is a home environment for testing/Lab play I don't have the budget to purchase a certificate and I'm hoping to get this working with out the need of one.

My Environment

Firewall = Sophos XG Home Edition = 18.04

Public IP points to subdomain1.domain.com (public DNS)

Public IP points to subdomain2.domain.com (public DNS)

WAF rule 1 looks for subdomain1 on port 80 and points it to VM 1

WAF rule 2 looks for subdomain2 on port 80 and points it to VM 2

Private IP 1 points to subdomain1.domain.com (private DNS)

Private IP 2 points to subdomain2.domain.com (private DNS)

Both websites are accessible from inside my network.

WAF rule 1 is priority 1 and WAF rule 2 is priority 2.

I've been testing this using my mobile phone with Wi-Fi turned off and two separate browsers both with private mode enabled.

Attachments

Attached are two screenshots. One for each WAF rule. There are no settings defined below the point of these screenshots.

References


These are various references I've used to work how to configure the rule as it. Not all of them are current so they don't match my version.

https://community.sophos.com/xg-firewall/f/discussions/116947/multiple-domain-forwarding-1-public-ip/422206#422206

https://support.sophos.com/support/s/article/KB-000036712?language=en_US

https://community.sophos.com/xg-firewall/f/discussions/123238/xg-firewall-home-web-server-not-working

https://support.sophos.com/support/s/article/KB-000036242?language=en_US

Thank you to everyone for your help and input for this and sorry that this is a long read I just wanted to make sure that all the information was provided up front.



This thread was automatically locked due to age.
  • 0

    possible there are problems defining the FQHN for the WAF Rules.

    You have to define the Host-Name ... not the sub-domain.

    Feel free to send the screenshots unmasked as PM.

  • +1 in reply to dirkkotte

    Found the answer.

    You can't have a NAT rule enabled that matches what you are trying to do. e.g. forward port 80 to internal IP x.x.x.x

    You also have to make sure that the allowed list is populated with something. No idea how but it would seem that I disabled the Allow all IPv4 option from the allowed list in one of my WAF rules.

    Thank you all.