Configure the UTM WAF
Now that you have configured the internal load balancer you can configure the UTM Webserver Protection module so that it listens for HTTP traffic and, after scanning, sends it to the internal ELB for distribution.
To do so, proceed as follows:
-
Log in to the controller UTM and navigate to Webserver Protection > Web Application Firewall.
-
Click on New Virtual Webserver and make the following settings.
-
Name: Enter a descriptive name.
-
Interface: Select the Sophos UTM interface where traffic will arrive on and leave the Type and Port to HTTP and 80.
-
Domains: Enter the DNS name assigned to your public ELB that was created during the Stack creation. This is the URL that you will use for testing.
Note – This can be found in AWS EC2 area in the Load Balancers list. If you have many ELBs listed in this section, you can confirm the correct one by getting the name from the CloudFormation Resources section. Click on the Description tab and copy the full DNS Name shown.
-
Real Webservers: List the internal ELB you have created, which is what traffic will be sent to once scanned. To create a new DNS object for this internal ELB, click on the green Plus icon located to the right of the Real Webservers text. Enter a descriptive name for the Real Webserver and then click on the green Plus icon to the right of the Host field to create the actual DNS host object. Copy the internal ELB DNS name into the Hostname field and enter a descriptive name for this new network definition.
-
Firewall Profile: Choose the Basic Protection firewall profile.
-
Click Save.
-
Enable the new Virtual Webserver by clicking the toggle switch.
The toggle switch turns green.
Note – To the right of the Real Webservers text you’ll see the status of the new internal ELB DNS object you created. It should change to green as shown below in a few moments. If it does not, check your settings as Sophos UTM is not able to resolve the DNS name used.
Virtual Webserver Configuration on Sophos UTM