(Sorry, my German-speaking brain isn't creating thoughts at the moment. [:(])
Hallo Mathias,
Yes, as mod said, that can be done, but the "cleaner" way to get what you want is to have your ISP route your /28 subnet to the IP on your External interface. Then, WebAdmin does the routing and you need only make a firewall rule to allow the traffic you want to accept.
If you have a subscription that includes Webserver Protection, you will want to put the public IP on the External interface and use private IPs in your DMZ. That will give you maximum protection. Start by putting the public IP on External, the private IP on the server and making a NAT rule like:
DNAT : Internet -> HTTP -> External [Server] (Address) : to Server
To determine how you want to configure the Firewall Profile, first make a Virtual Server with an Additional Address on your Internal interface. Change internal DNS to resolve the FQDN you want to reach to this new address. Now you can test what settings you can use. Once you have the Firewall Profile configured as you want it, change the 'Interface' selection to "External [Server] Address" and disable the DNAT.
MfG - Bob (Bitte auf Deutsch weiterhin.)
Sophos UTM Community Moderator Sophos Certified Architect - UTM Sophos Certified Engineer - XG Gold Solution Partner since 2005
Hi and thanks for your answer . Unfortunately I can not use WAF because operate on the Web many people websites with SSL . I would then always the WAF adapt if customers change their certificate . Can I do that with the ARP proxy as on another website described use ? Which IP gets the internal interface in the DMZ ?
Hi and thanks for your answer . Unfortunately I can not use WAF because operate on the Web many people websites with SSL . I would then always the WAF adapt if customers change their certificate . Can I do that with the ARP proxy as on another website described use ? Which IP gets the internal interface in the DMZ ?
