WAF port sharing?

Is it possible to have 2 WAF rules that use the same listening port, e.g. 443? On my UTM I have Exchange OWA and Nextcloud WAF rules set up and working where the UTM understands which service the traffic is for due to the URL and forwards to the correct real backend servers.

When I set up the same thing in XG 18.5 the traffic always just gets redirected to Exchange. Is what I'm doing actually possible in XG or do they have to be set up using different listening ports?



  • You need to do this in the Real Server. Basically you have one virtual Server in SFOS and under real server down in the firewall rule, you should be able to split up the Direction path to each server.

  • Yes, it is possible to have more than one WAF-Firewall-Rule pointing to the same external IP.

    You have to configure the "Domain" / SNI to select the correct rule for a specific internal server. And of course it works with HTTPS too.

    ... as seen with SG already ....

    If this doesn't work, check which FW-Rule is triggered. Check / post the WAF-LOG.

    PS: ... possibly there is a DNAT-Rule already?

  • Okay, thanks for the suggestions. I'll double check what I've done, as I'm pretty sure that's already how I had it set up and it still always just forwarded to Exchange OWA. I'll post some screenshots once I can get some time to swap from the UTM to XG.