Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 18 replies
  • Subscribers 1 subscriber
  • Views 11563 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF with single NIC?

BarryG
Hi, can the WAF (in 9.006) be used in a system with a single NIC?

If so, how many IPs are needed on that NIC? Can a single IP work?

Thanks,
Barry


This thread was automatically locked due to age.
Parents
  • 0
    Hi,

    It's Internet->Cisco ASA->DMZ Switch->UTM WAF

    The internet traffic is DNAT'd on the ASA (I know Cisco doesn't call it DNAT) to the UTM WAF. The UTM WAF has a Virtual Webserver configured with an extra DMZ IP matching the ASA DNAT. 
    The UTM WAF also has the 'Real Webservers' configured with the Internal IP of the protected webserver. The protected webserver is on an Internal LAN (through the ASA).
    The WAF is working fine.

    I've tried hitting http://server/cmd.exe, expecting an IIS rule to trigger (it's worked before).

    I haven't setup the 'advanced' tab yet, so in theory, it should be working, right?

    However, I wonder that since there's only one NIC, the IPS isn't effective.

    Thanks,
    Barry
Reply
  • 0
    Hi,

    It's Internet->Cisco ASA->DMZ Switch->UTM WAF

    The internet traffic is DNAT'd on the ASA (I know Cisco doesn't call it DNAT) to the UTM WAF. The UTM WAF has a Virtual Webserver configured with an extra DMZ IP matching the ASA DNAT. 
    The UTM WAF also has the 'Real Webservers' configured with the Internal IP of the protected webserver. The protected webserver is on an Internal LAN (through the ASA).
    The WAF is working fine.

    I've tried hitting http://server/cmd.exe, expecting an IIS rule to trigger (it's worked before).

    I haven't setup the 'advanced' tab yet, so in theory, it should be working, right?

    However, I wonder that since there's only one NIC, the IPS isn't effective.

    Thanks,
    Barry
Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?