Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 1144 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF - public webserver ip

synopex
Hi,
because no WAF category atm on this board, i hope this will be the correct one.

I want to use/test the new WAF. Its possible to route the public IP/Net from the webservers against the WAF?

I have one public IP on the ext. interface and behind the fw a public net with web-servers.
Now I DNAT the traffic of www for the webservers IP to one of the astaro`s interface an use this for the new virtual-webserver in the WAF-Modul.
I see no other way atm; seems correct?

Am small howto would be nice, but only about owa in the KB.


This thread was automatically locked due to age.
Parents
  • 0
    That might work, but not if you DNAT to an IP; if it can work, the target would need to be the "External (Address)" object.  However, I don't think you need it.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    That might work, but not if you DNAT to an IP; if it can work, the target would need to be the "External (Address)" object.  However, I don't think you need it.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    in the last 2 weeks i experience with this service....

    With DNAT rules to an IP-Adress of the ASG it not work correclty. I create a additional IP-Adress in the same Net as the real-webserver on asg, create a new host defenition in the dns-zonefile for testing, and sets the waf to hear on this additional adress. Now it seems to work for the test entry.

    So, have to vote for feature-request for transparent-mode.