Guest User!

You are not Sophos Staff.

Thread Info
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 7201 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF + NAT? Need help on Web Server Problems

GaryYeo

New to Sophos here so please be patient with me.

NAT rule doesn't work.

Rule Type: Full NAT

Traffic From: Any

Using Service: HTTP (80)

Going to: External Address (123.123.97.82)

Change Destination to: WebServer (192.168.0.11)

Service to: HTTP (80)

Change Source to: Internal Address (192.168.0.1)

Service to: HTTP (80)


but the moment I change the

Using Service: HTTP (80) to any other port eg. HTTP Proxy (8080)

I will be able to see the website using 123.123.97.82:8080

 


I'm curious why doesn't this rule work on port 80?

Do I need to setup a WAF for it to work?

If i setup a WAF Rule, do I still need NAT and NAT's Automatic Firewall Rule?

 



This thread was automatically locked due to age.
  • If you use WAF you must not use NAT since as I recall correctly NAT rules take precedence over WAF hence if you have both, WAF will not kick in.

    As to why your rule on port 80 does not work, I have no clue, maybe someone else can help you. However you would normally not need full-nat, a simple DNAT should also work:

    Traffic from: any (or Internet IPV4)
    Using service: HTTP
    Going to: External (address)

    Change destination to: Webserver
    Service: (leave blank when this is the same service as specified above)

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?