To block inbound access from public IP´s, create a DNAT rule to a non-existing destination.
Traffic from: create a list of public IP´s you want to block
Service: Any
Going to: your WAN Address
Destination: a non-existing host (example. 169.0.0.1)
Sophos UTM Web Application Firewall Access control
To prevent access from a specific external IP address you can use the access control from WAF.
Webserver Protection –> Web Application Firewall –> Site Path Routing
Edit the existing rule and activate the Access control. Now you can add the IP address which is to be blocked.
Sophos UTM Web Admin / User Portal published over Web Application Firewall
To publish the WebAdmin portal via the WAF you need to add a virtual host for NAT.
Traffic from: your Firewall
Service: the port from you WebAdmin portal (4444)
Going to: the virtual host (add a host and choose a available internal IP address)
Destination: your Firewall
Service: the port from you WebAdmin portal (4444)
Add a new real Webserver at the Webserver Protection section
Host: the virtual host from before
Type: HTTPS
Port: the port from you WebAdmin portal (4444)
Add a new Virtual Webserver at the Webserver Protection section
Interface: your WAN interface
Domains: choose the certificate for your Domain
Real Webserver: choose the Webserver from before
Don´t forget to enable every created item!
Sophos UTM WebAdmin access from internal network with the public DNS entry
Create a DNAT rule with the following settings.
Traffic from: your internal network
Service: Any
Going to: your public IP (create a DNS Host entry its easier)
Destination: your WAN address
You don’t need additional local DNS entry, use the public entry.