Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 3 subscribers
  • Views 2874 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF for Good for Enterprise DirectConnect

RobertWerner

Hi @all,

I am trying to publish Good DirectConnect via the Webserver Protection. 

I first tested with portforwading (FullNAT) wihich is working fine, so I guess the mobile Device and the Good Server are configured correctly.

If using WAF, the Client Requests do not reach the Good Server. I think the reason is, that for Good DirectConnect must support the "HTTP CONNECT" method, but the needed Apache module mod_proxy_connect is not loaded in general.

Did anyone succeed in establishing a GOOD DirectConnect via WAF?

Regards,

Robert

 

 



This thread was automatically locked due to age.
Parents
  • 0

    Hi Robert,

    In your case, I am interested in looking at the reverseproxy.log. It will provide us some insight. Alongside, I will suggest you to raise a case with the support team and get it investigated.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    Hi Sachin,

     

    the only thing the the reverseproxy.log throws out is a 400 error:

     

    2017:03:20-17:39:24 firewall reverseproxy: id="0299" srcip="xxx.xxx.123.29" localip="xxx.xxx.102.3" size="226" user="-" host="xxx.xxx.123.29" method="-" statuscode="400" reason="-" extra="-" exceptions="-" time="214" url="-" server="url.domain.tld" referer="-" cookie="-" set-cookie="-"

     

  • 0 in reply to RobertWerner

    Hi Robert,

    Status code 400  means the request contains bad syntax or cannot be fulfilled by the backend web server. Googling further, it also says that 400 Bad Request response code is used when the client has made a HTTP request to a port listening for HTTPS requests.

    Any catch out of that?

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    Hi Sachin,

    I already thought about this, but if we use portforwarding instead of WAF, the clients communicate with the Good Server and it's https.

    I've now opened a case at Sophos. I think we need the apache module mod_proxy_connect, which ist available on the UTM, but not activated....

     

    Thanks

     

    Robert

Reply
  • 0 in reply to sachingurung

    Hi Sachin,

    I already thought about this, but if we use portforwarding instead of WAF, the clients communicate with the Good Server and it's https.

    I've now opened a case at Sophos. I think we need the apache module mod_proxy_connect, which ist available on the UTM, but not activated....

     

    Thanks

     

    Robert

Children
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML