Multiple Internal Webservers

Hello There,

Firstly I'd like to say how much I'm enjoying using Sophos XG Firewall. It really is a fantastic product with an amazing level of granularity. I'm making the switch from pfSense :)

I'm here because I'd like some guidance on XG Firewall's Reverse Proxy functionality. I've seen this feature listed in some literature on the Sophos blogs but I cannot find any supporting documentation on it. There's plenty out there for UTM but nothing as far as I can tell for XG Firewall.

I have multiple webservers hosted internally that I access externally. This was a simple setup in pfSense with the addition of the squid package and its reverse proxy functionality. I did this by configuring two firewall rules that forwarded any traffic received on ports 80 & 443 to one of two ports on which squid was listening. Squid would then look at the URL and forward appropriately based on the config I specified. I had this nailed down to a tee but for the life of me I can't figure out how to do this in XG Firewall.

I'd really appreciate any advice on this. I'd rather not have another appliance doing reverse proxy when XG Firewall can supposedly do this.

Kind Regards,

Curtis.



  • I just did this a couple days ago, GUI was a bit confusing but got there in the end and works a treat.
  • Sorry to resurrect this from so long ago, but I've still yet to find a straightforward example of how to set up a reverse proxy aka WAF.

     

    I'd like to set up a reverse proxy for a web site hosted internally that I'd like to present externally.

     

    Internal web server: http://192.168.1.50:8080/mywebsite

     

    When setting up the host (hosts and services -> IP host -> add new), I use 192.168.1.50 and call it mywebserver. Then I set up a new Web Server (Web Server -> Web Servers -> Add New), choose my host, select port 8080 and http (as https is not set up). When setting up the Business Application Firewall rule, I'm using path specific routing.

    If I go to my external name and browse the path specific route (https://x.x.x.x/mystuff) with authentication turned on, I can connect to the forms, but when logged in, it goes to an error.

     

    How exactly do I access the virtual folder of "mywebsite" using WAF? Going to http://192.168.1.50:8080 internally yields nothing, as the application resides in the /mywebsite virtual folder. I see nowhere to set this path when connecting.

    There is no "easy" way in this application that I am aware of to forward requests to the virtual folder, making the /mywebsite a necessity.

    Thanks in advance.

  • My experience and reading of the forums is that path-specific routing only allows you to redirect requests to the root directory of an internal webserver. It also doesn't appear to support wildcards or regex in the path string, despite the underlying technology being capable of doing it.

    Given that the appliance won't do what you need, can you create an index.html file on http://192.168.1.50:8080/ that performs a 302 redirect to "/mywebsite"?
