Is Sophos UTM able to handle the proxy protocol (UTM behind ELB on AWS)?

Hi,

Is there any way to know the client IP in an environment where Sophos UTM is located behind an ELB on AWS? In other words, is Sophos UTM able to handle the proxy protocol? I want to block malicious src IPs detected by Sophos UTM at the NACL on AWS.

Thanks,
Kenichi Mori



This thread was automatically locked due to age.
  • Hi, Kenichi, and welcome to the UTM Community!

    I'm not familiar with Amazon ELBs, so I don't understand your question.

    Perhaps you could ask your question on an AWS forum - How is it possible for a device behind an ELB to know the IP from which the request originally came?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob, thanks for your advice and for responding to my question!

    Let me tell you what I mean. My setting is as follows.
    Client -> (the Internet) -> AWS ELB -> Sophos UTM -> Web

    As the ELB changes the IP address to its own and passes it to the backend, Sophos only sees the ELB's IP address. On the other hand, ELB supports proxy protocol, which gives notice of the client IP to the server behind it before data flow begins.

    Suppose my Web is attacked and Sophos detects that; it is difficult to block the attack based on IP address, since only the ELB's is within Sophos's eyesight. However, if Sophos understands proxy protocol, it could be a different scenario.

    Regards,
    Kenichi
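
What the proxy protocol header described above looks like to a backend, as an added example that is not part of the original thread and is not Sophos or AWS code. It assumes the load balancer sends the version 1 (text) header; the sample bytes, the `LB_NETS` subnet and the function names are constructed for illustration.

```python
import ipaddress

MAX_V1_LINE = 107  # longest v1 header the PROXY protocol spec allows, CRLF included

# Constructed sample: what a backend would read first on a connection from the
# load balancer. All addresses are documentation/private ranges, not real hosts.
SAMPLE = (b"PROXY TCP4 198.51.100.22 10.0.0.15 35646 80\r\n"
          b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")
LB_NETS = ["10.0.0.0/24"]  # assumed subnet the load balancer connects from


def parse_proxy_v1(data: bytes):
    """Return (client_ip, client_port, payload); raise ValueError if malformed."""
    end = data.find(b"\r\n", 0, MAX_V1_LINE)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("missing or oversized PROXY v1 header")
    fields = data[:end].decode("ascii").split(" ")
    payload = data[end + 2:]
    if fields[1] == "UNKNOWN":           # proxy could not tell us the source
        return None, None, payload
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    _, proto, src, dst, sport, dport = fields
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    want = 4 if proto == "TCP4" else 6
    if src_ip.version != want or dst_ip.version != want:
        raise ValueError("address family does not match protocol field")
    for port in (sport, dport):
        if not port.isdigit() or int(port) > 65535:
            raise ValueError("bad port")
    return str(src_ip), int(sport), payload


def effective_client(peer_ip: str, data: bytes, lb_nets=LB_NETS):
    """Pick the address to log or block, honouring the header only from the LB."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in ipaddress.ip_network(n) for n in lb_nets):
        # Anyone can type a PROXY line; from an untrusted peer it proves nothing.
        return peer_ip, data
    client, _port, payload = parse_proxy_v1(data)
    return client or peer_ip, payload


if __name__ == "__main__":
    print(effective_client("10.0.0.9", SAMPLE))
```

The address returned by `effective_client` is the one that belongs in logs and block lists; the TCP peer address is only the load balancer.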
