This discussion has been locked.

What is going on with WAF on XG?

EDIT: Problem solved. You can't limit the source to a specific country in any way without problems on SophosXG - my problem was NAT: if you set up NAT, then such a source will be excluded from any malware scanning, logging etc. We must wait until the Sophos team improves security in that matter.

Hello.

I've got a simple scenario where I'm hosting the Synology Drive app for HOME purposes - it's hidden behind the WAF of SophosXG. Weird things happen.

1. AV is turned on but test malware files are passing through

2. No logs from my own country, from which I'm trying to access (from Poland)

The screenshots below show how I have set up the WAF and NAT policy, and as soon as I create a NAT rule for external access there are no logs anymore...

NAT:

WAF:


cd..

Protection server policy: 1/2



2/2



  • It is actually quite simple: 

    WAF is a service. NAT will always hit before a service. 

    So if you configure a NAT rule, it will bypass the WAF as a service.

    So if you only want to offer a WAF as a service for a particular country, you need to Blackhole via NAT all countries you do not want to have. So simply create a rule with all countries (groups) and do not include Germany/Poland. 

    This principle (NAT before Service) is most likely a standard. 
