Using the Web Application Firewall (WAF), also known as reverse proxy, Sophos UTM on AWS lets you protect your webservers from attacks and malicious behavior like cross-site scripting (XSS), SQL injection, directory traversal, and other potent attacks against your servers. You can define external addresses (virtual webservers) which should be translated into the "real" machines in place of using the DNAT rule(s). From there, servers can be protected using a variety of patterns and detection methods. In simpler terms, this area of Sophos UTM on AWS allows the application of terms and conditions to requests which are received and sent from the webserver. It also offers load balancing across multiple targets.