Two web servers on one ip public - question about DNAT

I've got 2 web servers on different local IP. Both IIS. (x.x.x.7 and x.x.x.21)

I've done 2 WAF rules on the firewall, but I've got a DNAT on HTTP with a direct connection to 1 server (x.x.x.7).

Is it necessary to have DNAT rules (loopback and reflexive also)?

In fact, every HTTP request is redirected to the first server. I don't want to change the port on the second server.

What is the walkthrough to do this publish?

Thank you



  • Hello,

    Thank you for reaching out to the community. You could configure WAF (Web Application Firewall) with path-specific routing to achieve your requirements.
    For reference, you may check out the following KBAs/DOCs:
    1.) Sophos Firewall: WAF configuration guides
    2.) Add a web server protection (WAF) rule

    Regarding the question of DNAT loopback, that allows internal hosts to communicate with other internal hosts over the external IP address or the domain name, whereas the reflexive rule reverses the matching criteria of the destination rule. For example, create a destination NAT rule to translate incoming traffic to an internal server. The corresponding reflexive rule will allow traffic from the server to the source specified in the destination NAT rule.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.
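
An added example, not part of the original thread and not Sophos code: a simplified Python model of why a DNAT rule on the public IP and port 80 can only ever reach one server, while a WAF rule with path-specific routing can split the same listener between x.x.x.7 and x.x.x.21. It also flags any public IP and port claimed by both rule types, which is the situation the question describes. The public IP, hostname, paths and all class and function names are constructed assumptions.

```python
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.10"  # constructed placeholder (documentation range)

@dataclass(frozen=True)
class DnatRule:
    public_ip: str
    port: int
    target: str    # internal server that receives the translated traffic

@dataclass(frozen=True)
class WafRule:
    public_ip: str
    port: int
    host: str      # hosted domain, compared with the HTTP Host header
    paths: dict    # path prefix -> internal web server

def dnat_target(rules, dst_ip, dst_port):
    """DNAT sees only destination IP and port, so one listener maps to one server."""
    for r in rules:
        if (r.public_ip, r.port) == (dst_ip, dst_port):
            return r.target
    return None

def waf_target(rules, dst_ip, dst_port, host, path):
    """A reverse proxy also sees the Host header and the URL path."""
    for r in rules:
        if (r.public_ip, r.port, r.host) != (dst_ip, dst_port, host.lower()):
            continue
        # Longest prefix first, matched on a path-segment boundary.
        for prefix in sorted(r.paths, key=len, reverse=True):
            if path == prefix or path.startswith(prefix.rstrip("/") + "/"):
                return r.paths[prefix]
    return None

def overlapping_listeners(dnat_rules, waf_rules):
    """Return (ip, port) pairs that both a DNAT rule and a WAF rule claim."""
    dnat = {(r.public_ip, r.port) for r in dnat_rules}
    return sorted(dnat & {(r.public_ip, r.port) for r in waf_rules})

# Constructed sample rules using the two internal servers from the question.
DNAT = [DnatRule(PUBLIC_IP, 80, "x.x.x.7")]
WAF = [WafRule(PUBLIC_IP, 80, "www.example.test",
               {"/": "x.x.x.7", "/app2": "x.x.x.21"})]

if __name__ == "__main__":
    print("DNAT        ->", dnat_target(DNAT, PUBLIC_IP, 80))
    print("WAF /app2   ->", waf_target(WAF, PUBLIC_IP, 80, "www.example.test", "/app2/login"))
    print("overlaps    ->", overlapping_listeners(DNAT, WAF))
```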
