This morning we switched over to our Sophos XG FIrewall. Professional services did alot of the leg work for us in the main configuration and while it appears most things are working properly we did find a few things wrong after we got off the phone with professional services after cut-over. However later in the day it was only then we realized that all of our outside facing websites are showing the User Portal. Now this isn't a huge rush for us as most of it is legacy stuff that is rarely accessed but needs to be left for those rare occasions.
So for example Primary IP for facility is 100.200.100.64 this normally resolved to https://subdomaina.domain.com - resolves to user portal
100.200.100.65 normally resolves to https://subdomainb.domain.com but is now resolving to user portal
100.200.100.66 normally resolves to https://subdomainc.domain.com but is now resolving to user portal
100.200.100.67 normally resolves to https://subdomaind.domain.com but is now resolving to user portal
If I disable the captive portal it never resolves to anything and the website just says can page can not be display.
Some basic information on setup:
Sophos XG330 FW - 18.0.4
Under Hosts and Services
- Port 2 System Host 100.200.100.64/255.255.255.255 (not sure if it matters as everything seems to show that subnet but real subnet for that address is 255.255.255.240)
- Port 2:0 System Host 100.200.100.65/255.255.255.255
- Port 2:1 System Host 100.200.100.66/255.255.255.255
- Port 2:2 System Host 100.200.100.67/255.255.255.255
- IP address 100.200.100.64
- IP address 100.200.100.65
- IP address 100.200.100.66
- IP address 100.200.100.67
- IP address 192.168.1.4 (subdomaina)
- IP address 192.168.1.5 (subdomainb)
- IP address 192.168.1.6 (subdomainc)
- IP address 192.168.1.7 (subdomaind)
Under Network
- All outside addresses are showing under Port2
Now to save us both some time since the following would be identical base configs between them
Rules and Policies
- NAT Rule for Subdomain D
Original Source - Any
Original Destination - 100.200.100.67
Original Service - HTTPS
SNAT - Original
DNAT - 192.168.1.7
PAT - Original
Inbound Interface - Port 2
Outbound Interface - Any - Firewall Rules for Subdomain D
Action - Accept
Rule Group - None
Log firewall traffic - Enabled
Source Zones - WAN
Source Networks and devices - Any
During Scheduled Time - All the time
Destination Zones - LAN
Destination Networks - 100.200.100.67
Services HTTPS
Web filtering is not configured
Configured Synchronized Security Heartbeat both set to No Restriction
Other Features: All unconfigured with the exception of IPS which is set to WAN TO LAN policy
This thread was automatically locked due to age.
