Set up Sophos UTM WAF with Let's Encrypt

This one was requested, so I will only sum up the important bits. The integrated web application firewall is very powerful: it lets you host several web applications behind one IP, over both HTTP and HTTPS, and with the latter you can use the built-in Let's Encrypt integration. Try out this quick how-to to get started.

If you plan to use Let's Encrypt, start by going to Certificate Management, Advanced, and tick Allow. Nothing else on the UTM can request a Let's Encrypt certificate until this is set.

Allow Let’s Encrypt certificates

Next, create a certificate under Certificates.

Add Certificate
Name: Name of your certificate.
Method: Let's Encrypt
Interface: The interface the Let's Encrypt validation servers connect to (WAN). The UTM answers the HTTP-01 challenge on port 80 of this interface, so port 80 must be reachable from the Internet there.
Domains: One or several domains. Every domain must resolve in public DNS to the address of the selected interface, otherwise validation fails. The resulting certificate can be used on multiple virtual webservers.

Go to Web Application Firewall, Real Webservers, and create a new server.

New Real Webserver
Name: Can be anything you want.
Host: The host object of your actual web server (its internal address).
Type: Whether the traffic between the UTM and the backend is encrypted. HTTP is acceptable here when that link is a trusted internal segment, because TLS is terminated on the WAF and the public side is encrypted in the next step. If the backend sits on a network you do not control, use HTTPS here as well.
Port: Port of your web service on the specified host.
Advanced: Leave default.


Go to Virtual Webserver and create new.

New Virtual Webserver
Name: Can be anything you want.
Interface: Where the traffic comes from (WAN).
Type: How traffic reaches the WAF. Encrypted (HTTPS) & redirect terminates TLS with the certificate selected below and redirects every plain HTTP request to HTTPS.
Port: The port exposed to the Internet (443 for HTTPS).
Certificate: The certificate created earlier.
Domains: Check only the domains you want to associate with this virtual webserver.
Real Webserver: The real webserver created earlier.
Firewall profile: Where the actual protection features (threat filter, form hardening, cookie signing) are configured. Advanced features for a later time.
Theme: The theme of the block page returned when a firewall profile rejects a request; only relevant if you use firewall profiles.
Advanced: Pass host header forwards the client's original Host header to the real webserver. Some web servers need it, for example when the backend serves several names (name-based virtual hosts) or builds absolute URLs from the Host header.


At this point you can enable both servers and access your web application over HTTPS using the configured domain(s). Before calling it done, check the redirect from HTTP, that the served certificate is the Let's Encrypt one and covers the domain, and that renewal keeps working, since the UTM renews the certificate on its own and a failed renewal only shows up when the certificate is about to expire.
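The following script is an added example written for this post; it is not Sophos code and the hostname in main() is an assumption to be replaced with the published domain. It checks, from the outside, the things the setup above is supposed to deliver: port 80 answers with a redirect to HTTPS (the same port the HTTP-01 validation needs), the certificate chain validates, its SAN list covers the domain, the issuer is Let's Encrypt, and the remaining validity is long enough that automatic renewal is evidently working. The 14-day threshold is a chosen value, not a UTM setting.

```python
"""Post-deployment checks for a WAF virtual webserver published with a Let's
Encrypt certificate. Added example, not Sophos code; the hostname used in
main() is an assumption and must be replaced with the published domain."""
import http.client
import ssl
from datetime import datetime, timezone

REDIRECT_CODES = (301, 302, 307, 308)
RENEWAL_MARGIN_DAYS = 14  # chosen value: a healthy 90-day cert should never get this low


def redirect_is_correct(status, location, host):
    """A plain-HTTP request to the virtual webserver must be answered with a
    redirect to the same host over HTTPS ('Encrypted (HTTPS) & redirect')."""
    if status not in REDIRECT_CODES or not location:
        return False
    return location.lower().startswith("https://" + host.lower())


def hostname_matches_san(hostname, san_names):
    """Match a hostname against the certificate's DNS names: exact match, or a
    '*.' wildcard covering exactly one leftmost label (the apex itself is not
    covered by '*.example.com')."""
    hostname = hostname.lower().rstrip(".")
    for name in san_names:
        name = name.lower().rstrip(".")
        if name == hostname:
            return True
        if name.startswith("*.") and "." in hostname:
            if hostname.split(".", 1)[1] == name[2:]:
                return True
    return False


def is_lets_encrypt_issuer(issuer):
    """issuer is the nested tuple ssl.getpeercert() returns, e.g.
    ((('countryName', 'US'),), (('organizationName', "Let's Encrypt"),), ...)."""
    attrs = {key: value for rdn in issuer for key, value in rdn}
    return attrs.get("organizationName") == "Let's Encrypt"


def days_until_expiry(not_after, now=None):
    """not_after is the 'notAfter' string from ssl.getpeercert(), e.g.
    'Jun  1 12:00:00 2025 GMT'. Let's Encrypt certificates are valid for
    90 days and the UTM renews them itself; a small value means renewal fails."""
    expires = datetime.strptime(not_after, "%b %d %H:%M:%S %Y %Z")
    expires = expires.replace(tzinfo=timezone.utc)
    now = now or datetime.now(timezone.utc)
    return (expires - now).days


def check_live(host):
    """Run all checks against a real deployment; returns a dict of booleans."""
    results = {}
    # Port 80 must be reachable: the HTTP-01 validation and the redirect use it.
    plain = http.client.HTTPConnection(host, 80, timeout=10)
    plain.request("GET", "/", headers={"Host": host})
    resp = plain.getresponse()
    results["redirect"] = redirect_is_correct(resp.status, resp.getheader("Location"), host)
    plain.close()

    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    tls = http.client.HTTPSConnection(host, 443, timeout=10, context=ctx)
    tls.request("GET", "/", headers={"Host": host})
    cert = tls.sock.getpeercert()  # grab before getresponse(), which may close the socket
    results["https_ok"] = tls.getresponse().status < 500
    tls.close()

    san = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    results["san_covers_host"] = hostname_matches_san(host, san)
    results["issuer_is_le"] = is_lets_encrypt_issuer(cert["issuer"])
    results["renewal_healthy"] = days_until_expiry(cert["notAfter"]) > RENEWAL_MARGIN_DAYS
    return results


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "www.example.com"  # assumed hostname
    for name, ok in check_live(target).items():
        print(f"{name:18s} {'PASS' if ok else 'FAIL'}")
```

Run it as `python check_waf.py your.domain.tld` from a host outside your network; a failing `redirect` usually means port 80 is not reaching the WAN interface, which also breaks the Let's Encrypt validation, and a failing `san_covers_host` means the domain was not ticked on the virtual webserver or not included in the certificate.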
