
[SOPHOS UTM -> XGS] Unable to reach internal servers on DMZ from LAN

Hello,

My issue is quite difficult to understand, but I will try to explain it to you as clearly as I can.

I have a customer who has many zones on his current firewall, a Sophos UTM9 (LAN, WAN, DMZ, WIFI, HA, RED).

He has three third-party applications that are exposed on the WAN (https://customer.com):

  • In DMZ zone, there is 1 server with HAPROXY
  • HAPROXY load balancing to 2 BACK-END servers
  • Back-end servers are on LAN Zone
  • And the others (DATABASE, STORAGE...) are on LAN Zone too

It looks like this:

The story from the beginning is that the customer had to migrate his Sophos UTM firewall to a Sophos XGS a few months ago.
The difficulty is that they have about fifty rules and that the configuration of the rules between a UTM and a Sophos XGS is completely different. Moreover, their network is not entirely managed by them but by their headquarters in a foreign country so the data is very difficult to collect.
I first tried myself with 3 interventions at the customer's place without success by copying the rules and all the other configurations by hand because they can't let the old firewall disconnect during production hours.
I then called the Sophos migration service, which used an automatic migration tool, but it did not change anything.
They'll call me tomorrow to see what can be done, I'm crossing my fingers that they'll unblock it!

I am writing to you for a point I would like to clarify.
I put the Sophos XGS between their LAN and their DMZ in transparent mode (not the same IP).
The problem is that I can't reach the HAPROXY server that distributes the website (LAN to DMZ). Here is how my PC is installed so that I can do the simulation.

It is configured so that it is the Sophos XGS that redirects and not the production one:

Here are also the last rules that I tried, but without success:


Can you tell me what is wrong with this simulation so that the rule does not pass?

Regards,

Raphaelle


