You can specify the web servers, authentication method, and allowed and blocked client networks. Specify the details of the Protected servers. Virtual web servers with wildcard domains are only matched when there are no virtual web servers with specific domains configured. Example: A client request to the domain,, will match with before it matches with *. before matching with *.com. at the start of a domain name only. A single WAF policy supports multiple wildcard domains. You can edit or delete these or add new domain names. If you've turned on HTTPS, domain names of the selected HTTPS certificate show in the list. Select to redirect port 80 traffic to port 443. Enter the FQDN configured for the web server, for example,. To create or upload a certificate, go to Certificates > Certificates. Servers are presented to clients based on the requested hostname. You can assign a different certificate to each server. Sophos Firewall supports SNI (Server Name Indication), allowing you to create more than one virtual web server that's accessible over the same IP address and port. If you selected HTTPS, select the certificate. If you turn this on, the hosted server is accessible through HTTPS and not through HTTP. You can't use some ports as these are reserved by the firewall for system services. WAF can't share the same port as the user portal. In this case, SSL VPN works on any IP address except the IP address (Hosted address) configured for WAF. You can use the same port (for example, 443) for SSL VPN and WAF. The defaults are port 80 for HTTP and port 443 for HTTPS. The HTTP header X-Forwarded-For carries the client’s IP address. Enter the port number on which to reach the hosted web server. When a client establishes a connection and accesses the web server, the web server obtains the interface address of the web application firewall (WAF) and not the client’s IP address.
You can use the public IP address assigned to the interface or use an alias to bind the required public IP address. The WAF rule is bound to the IP address assigned to the interface. Select the public IP address assigned to an interface through which users access the internal server or host. Microsoft Remote Desktop Web 2008 and R2. Microsoft Remote Desktop Gateway 2008 and R2. None: Specify the web server protection details. Select Protect with web server protection. If you select Automatic, the firewall rule is added to an existing group based on first match with rule type and source-destination zones. You can also create a new rule group by using Create new from the list. Specify the rule group to which you want to add the firewall rule. You can turn off a rule if you don’t want to apply its matching criteria. Go to Rules and policies > Firewall, select IPv4 and click Add firewall rule.
You can control HTTP traffic flowing to and from a web application by creating a Microsoft Lync rule that uses IPv4 protocol.