Sophos UTM - Web Server Protection

What log are you viewing that shows this? Can you just turn on logging for your DNAT rule, it will show you what you want

Hi, i 'am looking at the audit logs on our company wide case managment system, managers around the company need access to ths information so logs from the firewall are not an option.

The old Microsoft TMG firewall could pass this information though to the case managment system, but since we upgrade to sophos utm this has now stopped.

Thanks.

Hi, i 'am looking at the audit logs on our company wide case managment system, managers around the company need access to ths information so logs from the firewall are not an option.

The old Microsoft TMG firewall could pass this information though to the case managment system, but since we upgrade to sophos utm this has now stopped.

Thanks.

Then I'd say this has nothing to do with the UTM but rather your how your case management system is gathering info from the UTM

It must be the UTM as the Microsoft TMG firewall was passthing the public ip address after moving to the UTM all we get is the IP adddress of the UTM.

It like the utm is stripping the ip header out?

thanks

I wouldn't say that. It's your case management system querying the UTM to obtain these logs? Querying via snmp? Whatever it's doing, I'm sure you'll be able to adjust the configuration of it so that it gathers what you want.

I might log a call with Sophos tech team..

All this worked before we moved to Sophos UTM there is a simple tick box on Microsoft TMG to pass the IP.

Pass the IP to what? This "tick box" is labeled what on your TMG? You're not giving any information here. Is this mystery system you use a syslog server? Set up the same in the UTM, logging and reporting "Remote Syslog Server"

Lee, have your Case Management portal record the X-FORWARDED-FOR header.  The reverse proxy adds that for you.

Cheers - Bob