Network Sophos Web

Set up Sophos UTM WAF with Let's Encrypt

This is a requested one, so will only sum up the important bits. The integrated web application firewall is very powerful. It allows you to host several web applications behind one IP. Both http and https are available. With the latter you can ise the built in LE integration. Try out this fast how-to to get started.

If you plan to use Let’s Encrypt, start by going to Certificate Management, Advanced, and tick Allow.

Allow Let’s Encrypt certificates

Next, create a certificate under Certificates.

Add Certificate
Name: Name of your certificate.
Method: Let's Encrypt
Interface: Where the certificate servers should connect to (WAN).
Domains: This can be one or several domains, the certificate can be used on multiple virtual webservers.

Go to Web Application Firewall, Real Webservers, and create a new server.

New Real Webserver
Name: Can be anything you want.
Host: Where your actual web server is.
Type: If the traffic is encrypted or not. It can safely be HTTP here, we will encrypt later.
Port: Port of your web service on the specified host.
Advanced: Leave default.


Go to Virtual Webserver and create new.

New Virtual Webserver
Name: Can be anything you want.
Interface: Where the traffic comes from (WAN).
Type: How you want the traffic to hit your WAF. Encrypted and redirect will redirect http to https.
Port: What you want to expose from the Internet.
Certificate: Your created certificate.
Domains: Check only the domains your want to associate with this web server.
Real Webserver: The real web server created earlier.
Firewall profile: Advanced features for a later time.
Theme: If you use Firewall profiles.
Advanced: Pass host header may be required by some web servers.


At this point you can enable the servers and be able to access your web application using the domain(s) used.

Hardware Network Software Sophos

Sophos UTM

Yes! I have been looking forward to this one. In the following weeks I intend to publish a series of informative guides on Sophos UTM. My experience with XG is limited, but I have over five years of everyday configuration of the UTM.

My latest buy for the lab is a Sophos SG 330 which I plan to get working with a Home License. Lets see how it goes.

To be continued…

I have attached the brochures for anyone to see here, great read. 

Sophos SG Rev. 1

Sophos SG Rev. 2

Sophos SG Rev. 3

Sophos XG Rev. 3