Member
Join Date: Sep 2004
Posts: 54
#1
01-09-2013, 03:03 PM
Web Application Firewall - Real webserver "in error"

I am trying to set up a Web Application Firewall on my Sophos UTM 9. I've configured some real webservers and one virtual webserver. In the virtual webserver on the left there always appears an icon that says "in error". I get nothing in the logs. What could cause this problem?
BAlfson
Grandis Professorem Astaro
Join Date: Mar 2007
Location: Oklahoma City
Posts: 14,349
#2
01-09-2013, 04:39 PM

Please [Go Advanced] below and attach a picture of the Edit of your Virtual Server.

Cheers - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
Sophos Gold Solution Partner
www.MediaSoftUSA.com
Addicted to my iPhone!
Member
Join Date: Sep 2004
Posts: 54
#3
01-10-2013, 09:41 AM

Here is the picture of my configuration.
Attached image: config.jpg (52.1 KB)
BAlfson
Grandis Professorem Astaro
Join Date: Mar 2007
Location: Oklahoma City
Posts: 14,349
#4
01-10-2013, 04:17 PM

You haven't selected a 'Firewall profile'. Is there a reason you're using the IP instead of an actual FQDN in 'Domains'?

Cheers - Bob
Member
Join Date: Sep 2004
Posts: 54
#5
01-10-2013, 06:38 PM

I've also tried it with a firewall profile and it did not work either. I've entered the IP because I want to test this function first before I use it in production.
BAlfson
Grandis Professorem Astaro
Join Date: Mar 2007
Location: Oklahoma City
Posts: 14,349
#6
01-10-2013, 06:56 PM

Just go ahead and use the actual domain and select the "Basic Protection" firewall. There's no danger in experimenting with a production server as you're using the internal interface and port 5555.

Any luck?

Cheers - Bob
BrucekConvergent
Master of Reality
Join Date: Oct 2005
Location: SC, USA
Posts: 4,167
#7
01-10-2013, 07:09 PM

Is the "real" server actually up and able to serve pages? What does the WAF log show?
__________________
Convergent Information Security Solutions, LLC
Sophos Gold Solution Partner
Member
Join Date: Sep 2004
Posts: 54
#8
01-11-2013, 11:21 AM

I've now selected the "Basic Protection" profile and entered the www address of my Firewall and switched to the external interface, but it still doesn't work. The "Web Application Firewall" log is 0 bytes. The Ubuntu webserver does work. I've also tried to forward to my Windows IIS Server, but that didn't work either. It is weird that nothing is logged. Should not at least the start of the Web Application Firewall appear in the log?

Last edited by thenetstriker; 01-11-2013 at 12:30 PM.
BAlfson
Grandis Professorem Astaro
Join Date: Mar 2007
Location: Oklahoma City
Posts: 14,349
#9
01-11-2013, 03:23 PM

To use the External interface from inside the "Internal (Network)", you would need a Full NAT (Accessing Internal or DMZ Webserver from Internal Network). On second thought, I don't believe this would work at all to get traffic to the WAF - I think you have to use the approach with the Internal interface if accessing from the Internal network.

It will be easier and a better test to use the Internal interface and create a DNS entry for the FQDN pointing at the IP of "Internal (Address)".

Cheers - Bob

Last edited by BAlfson; 01-11-2013 at 06:35 PM. Reason: On second thought
BrucekConvergent
Master of Reality
Join Date: Oct 2005
Location: SC, USA
Posts: 4,167
#10
01-11-2013, 06:25 PM

Do you have any NAT rules configured that may conflict with this?
All times are GMT. The time now is 05:32 AM.

