Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 26 subscribers
  • Views 11421 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF (Web application Filter) for bridge interface

wolfgango

Hi,

 

In the new version v16 it is possible to configure WAF (Web application Filter) for a server on a bridge interface. In version v15 I was not able to use  the bridge interface.

When I configured the WAF there is no traffic registered on the business rule or traffic dashboard for the web server protection. So, I guess the WAF is not working, even the reverseproxy log stays empty.

 

On the internet, I found a possible solution for creating an Alias on the bridge interface. After creating an alias with the IP of the protected server the reverseproxy contains logging and the WAF rule shows traffic.

When surfing to the simple http website with no authentication I receive the message Service unavailable.

 

You can find the logging from the reverseProxy below.

 [proxy:error] [pid 26891:tid 4035922752] (110)Connection timed out: AH00957: HTTP: attempt to connect to xx.xx.xx.xx:80 (sharepoint) failed

 

 [proxy:error] [pid 26891:tid 4035922752] AH00959: ap_proxy_connect_backend disabling worker for (sharepoint) for 60s

 

 [proxy_http:error] [pid 26891:tid 4035922752] [client 169.254.234.5:49100] AH01114: HTTP: failed to make connection to backend: sharepoint

timestamp="1491828044" srcip="169.254.234.5" localip="xx.xx.xx.xx" user="-" host="169.254.234.5" method="GET" statuscode="503" reason="-" extra="-" exceptions="-" duration="15030768" url="/favicon.ico" server="sharepoint" referer="-" cookie="-" set-cookie="-" recvbytes="423" sentbytes="473" protocol="HTTP/1.0" ctype="text/html" uagent="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.307                             29; .NET CLR 3.5.30729; InfoPath.3)" querystring="" ruleid="23"

 

I tried the troubleshooting guide on the Sophos website with no luck.

https://community.sophos.com/kb/en-us/124574

 

My First question does Sophos XG support WAF on bridge interface?

https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/75960/business-rule-and-bridge-configuration-surprising-behaviour

 

Kinds Regards



This thread was automatically locked due to age.
Parents
  • 0

    Hi, 

    Can you please show us picture of the configurations and 503 means the server is not available. That points us towards two possibilities:

    • The XG Firewall has an IP address which is not reachable by the external firewall.
    • The  XG cannot reach the server.

    I am not sure if the XG firewall is configured as bridge or a particular interface is defined as bridge. Can you also show us a simple network diagram to understand your requirement.

    Thanks

  • 0 in reply to sachingurung

    Thanks for your help, the problem is solved

    The problem was that I configured the same IP for the alias on the bridge network as the webserver IP.
    But if you need to protect a webserver on a bridge network then you need an additional IP address as alias.
    The requests from the modem will be send to the Sophos UTM(alias IP) and then it will be forwarded to the actual webserver.

    More information in the Sophos Documentation for how to configure an WAF on a bridge interface would be helpfully.

    Kinds regards

     

  • 0 in reply to wolfgango

    Thanks for the update, I will raise a request for the requested KBA.

    Cheers

Reply Children
No Data