How to configure WAF feature on Sophos XGS

Sophos XGS is a web application firewall that’s designed to protect your organization from the threats of today and tomorrow. It provides powerful protection against hackers, malware, and other cyber-threats.

The sophos utm waf troubleshooting is a tutorial that shows how to configure the Sophos XGS firewall.

Vincent Sophos 0 Vincent Sophos 0 Vincent Sophos 0 Vincent Sophos 0 Vincent Sopho

Overview

The article explains how to set up the Sophos XGS firewall’s Web Application Protection functionality. Instead of using a Web server like NAT, the Sophos firewall will simulate direct contact with clients outside the Internet with WAF. This will help to safeguard the Web server from external threats while also ensuring that web traffic remains consistent.

Diagram

Steps to Configuration

Set up the Ubuntu web server with a local IP address of 172.18.18.50/24.
Configure the Sophos XGS’s WAF capability to connect to a public Ubuntu web server.
External access to the web server
Result

How to set it up

Set up the Ubuntu web server with a local IP address of 172.18.18.50/24. www.test.com is the domain name.

Configure the Sophos XGS’s WAF capability to connect to a public Ubuntu web server.

Create an Ubuntu web server and host it on a Sophos XGS.
Go to SYSTEM -> Choose Hosts and services -> Choose IP host -> Click Add
Fill in your name here.
Choose IPv4 as the IP version.
Choose IP as a type.
In terms of IP address: Enter the Ubuntu web server’s IP address.
Save the file.

On the Sophos XGS, create a web server.
Go to PROTECT -> Choose Web server -> Choose Web servers -> Click Add

Fill in your name here.
In Host, select the previously built Ubuntu web server as the host.
Because the web server does not have an SSL certificate, choose Plaintext (HTTP) (choose Encrypted (HTTPS) if the web server does have an SSL certificate).
Keep the default port in Port.
Keep alive is enabled.
Save the file.

Go to PROTECT -> Choose Rules and policies -> Choose Firewall rules -> Click Add firewall rule -> Choose New firewall rule

Fill in your name here.
Choose top in the rule position.
Choose None in the Rule group.
In Action: Select Protect with Web Server Protection from the drop-down menu.
In the address of the host: Select the WAN port through which the remote client will connect.
If the web server does not have an SSL certificate, select 80 as the listening port; if the web server does have an SSL certificate, select HTTPS with port 443 as the listening port.
If you choose HTTPS, select an SSL certificate that was created previously (see import instructions below) **
Enter your web domain in the Domains section.
In Web server, select the web server that was previously created.
Advanced: Select the web server security features that you want to protect.
If you want to keep the request from the client to the web server, select Pass host header.
If the web server’s public domain name differs from the web server’s local domain name, select Rewrite HTML.
If you don’t want traffic to be compressed when accessing the web server, select Disable compression support.
Save the file.

** If a web server’s SSL certificate is available, follow the instructions to add it.

Install an SSL certificate on your computer if one is already installed on your Ubuntu web server.
Go to SYSTEM -> Choose Certificates -> Choose Certificates -> Click Add
Upload two files: a certificate and a key.
Save the file.

Allow external access to the web server

Because the domain test.com is not registered in my lab, you’ll need to change the hosts file on the external system that wishes to connect to the web server.

On Windows 10, navigate to C:WindowsSystem32driversetc to edit the hosts file.
Copy file hosts to the desktop and open the hosts file with notepad-> Then add the following line -> Click Save

Then, on the desktop, copy the updated hosts file and paste it over the original hosts file in the C:WindowsSystem32driversetc folder.
Then go to the domain test.com and log in.

Result

Sophos XGS traffic monitoring

YOU MIGHT ALSO BE INTERESTED IN

The sophos waf datasheet is a document that provides information about the Sophos XGS. It includes the configuration and settings for the firewall as well as other features such as intrusion detection, file integrity monitoring, and more.

Frequently Asked Questions

How do I enable WAF in Sophos XG?

To enable WAF, you will need to go into the Sophos XG interface and select WAF under the Security tab.

Is Sophos WAF?

How do I configure my Sophos XG Firewall?

To configure your firewall, you need to know the IP address of your computer and the name of your network. If you dont know what the IP address is, please contact your internet service provider.

Related Tags

sophos xg web application firewall
sophos xg v18 waf configuration
sophos waf
sophos xg v18 web server protection
sophos xg waf rewrite html

About The Author

Renee Straphorn

See author's posts

Tags: images

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Renee Straphorn

Related Stories

Maximizing Impact at Corporate Conferences with Innovative Audio Visual Planning

The Ultimate Basketball Games To Play On Mobile Today

5 Bonus Buy Slots That Actually Give You a Shot

How Long Is a DUI on Your Record?

How Data Is Influencing Decision-Making Today

How Social Features (Chat, Leaderboards) Boost Engagement in Casino Apps

What are the key features of Ometria?

Moss is a spend management app that helps businesses keep track of their spending

Bibit is a robo-advisor app for Indonesian investors

What are the key features of Ometria?

Why the Alexa Turing Test is Important