Business rule and Bridge configuration surprising behaviour

Hi there,

I need a little help if possible.

I have an XG configured in Bridge mode.

In the LAN zone I have a web server (a Synology device) that I want to make reachable from the internet.

When creating the Business Application Rule in "http based mode", the "Hosted Server" lets me choose only interfaces but not the bridge #br0.

I can neither select nor type in any other value, so I am wondering what to do.

Is it due to bridge mode?

Thank you for your advice

Nicolas



  • Hello Nicolas,

    I'm afraid, at the moment a bridge interface cannot be defined in HTTP-based Business Application policies. This behavior should change in version 2. There are also chances that it will be fixed in a maintenance release for version 1 (but definitely not in the coming MR2).


    Sabine

  • Hello Sabine,

    Thank you for this answer.

    Besides, let me know if there is any source of comparison between the two modes and the functionality available and operational in each mode?

  • Hello Nicolas,

    Sorry, I don't think we have something like this and I also don't have enough insight into other features.

    Best,
    Sabine

  • Hello Sabine

    Thank you anyway

    Have a nice day

    Nicolas

  • Hello,

    I can confirm that the issue is still present in version SFOS 15.01.0 MR-3.

    When creating a Business Application Rule in "http based mode", the "Hosted Server" lets me choose only interfaces but not the bridge #br0, even when creating an alias IP for the bridge.
    I did not find any information on whether this is changed in the latest version V16.

    Kind regards,

  • Hi wolfgango,

    I would need more information on the scenario you are trying to achieve.

    Configuration of Ports

    e.g.: PORT 1 Zone Address 129.x.x.1

    Do you have a Mail server on your LAN and is the LAN network Bridged?

    There are certain limitations on the Bridge configuration. Seems your issue is relevant to Virtual Host, as Business rules are involved when you configure a Web server.

    https://community.sophos.com/kb/en-us/123276

     

     

  • Hi Aditya,

     

    We use a physical XG UTM with version 15.01.0 MR-3.

    The UTM is configured in bridge mode so the WAN and LAN subnet are the same.

    The webserver we want to protect is behind the bridge with IP 10.xx.xx.14.

    I created an alias ’10.xx.xx.x14’ on the br0 interface with the name (Br0:0).

    When we create a Business Application Rule in "http based mode", the "Hosted Server" does not let me choose the bridge interface.

    We have a secondary internet line not configured as bridge with an Alias that can be selected in the Hosted server.

     

    Bridge does not support virtual host, but we are using a physical XG, or do you mean something else?

     

    Webserver                         10.xx.xx.14

                   

    Bridge br:0

                    PortE0 LAN         10.xx.xx.xx

                    PortE1 WAN       10.xx.xx.xx

     

    Kind regards