WAF - how to protect a public server

Question

Hi, 
 we have a web server with a public IP. Let's say the IP is 123.123.10.1/28. The gateway of this server is a network interface of Sophos XG, lets say 123.123.10.14/28 (we are autonomous system, we have several public IPs). How can I protect the web server with WAF in XG? What I cannot figure it out is that in "Hosted Address" in WAF firewall rule I cannot select the public IP of the web server ( 123.123.10.1/28), but only the gateway of that network 123.123.10.14/28. 
 In this moment the web server can be accessed from Internet just with a firewall rule "Any (source) to web Server), NAT is not necessary. 
 
 Thank you.

dirkkotte · Accepted Answer

No, users have to talk with the XG. 
 You can change the DNS record to point to XG instead of Web-Server. ...or bound the Web-Server IP as additional-IP to the XG and use a new IP with the webserver.

dirkkotte · Answer

Hosted address is a public IP bound to the XG. 
 Users only speak with this IP. XG/WAF then build the connection to selected "web Server" from Protected servers-List.

WAF - how to protect a public server

Top Replies