Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 4 subscribers
  • Views 2695 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF Audit logs were not triggered

YujinWon

Hello,

I am tried to have a test for a WAF of SG.

I made a test lab using vmware and I configured a vulnerable website using DVWA.
And then tried to send attack traffics from a Kali Linux (name of tool that I used is OWASP ZAP.) to DVWA.
Also i ran XSS on the DVWA, it was successes .
But any audit logs were not triggered on the SG appliance.

One of Sophos staffs told me that I need to use domain or public ip address to trigger WAF audit log.
It cannot understand this explanation that because all traffics including XSS and OWASP ZAP traffics were reached to destination throughout SG UTM.

This is my simple diagram for this test. 

 Here is my configure for WAF. 

           

    <Virtual Server>                      <Real Server>                       <Site Route>

And DNAT is configured to access the web server from outside of firewall

It would be much appreciated, if you help me for my issue. 

Thanks, 



This thread was automatically locked due to age.
  • 0

    Are you sure you want the Virtual Server on the Internal interface?  What is the IP of "Internal (Address)?"

    I'm confused by your reference to a DNAT.  A DNAT would send the traffic directly to the DVWA, bypassing Webserver Protection.  See #2 in Rulz.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML