WAF port sharing?

Is it possible to have 2 WAF rules that use the same listening port, e.g. 443? On my UTM I have Exchange OWA and Nextcloud WAF rules set up and working where the UTM understands which service the traffic is for due to the URL and forwards to the correct real backend servers.

When I set up the same thing in XG 18.5 the traffic always just gets redirected to Exchange. Is what I'm doing actually possible in XG or do they have to be set up using different listening ports?



  • Yes, it is possible to have more than one WAF-Firewall-Rule pointing to the same external IP.

    You have to configure the "Domain" / SNI to select the correct rule for a specific internal server.  And of course it works with HTTPS too.

    ... as seen with SG already ....

    If this doesn't work, check which FW-Rule is triggered. Check / post the WAF-LOG.

    PS: ... possible there is a DNAT-Rule already?
