I have HASS running on a Docker VM.
I have a reverse web proxy configured on my Sophos XG firewall.
I am able to connect to it perfectly from almost everywhere.
Work, Home, Mobile, etc…
However, there is one location that ALSO has a Sophos XG firewall that can NOT log into my HASS. I get the login screen and then I get the “unable to connect” screen.
I have tried multiple browsers, usernames, and computers from that location and they all fail to connect.
I also tried turning off all of the HTTP scanning and Intrusion prevention policies on the firewall at both ends and it still fails.
I did test temporarily setting up a port forward to 8123 on my home firewall and I am able to log into that from the other firewall location.
So it seems like there is an authentication issue when trying to log in from a site with a Sophos XG firewall to HASS that is sitting behind a Sophos XG reverse proxy.
Under webserver I have an entry with:
Name: HASS
Host: HASS (VM) ← Filled in under hosts and services
Type: Plaintext
Port: 8123
Keep alive: Yes
Disable Backend: off
Timeout: 300
Under Rules and Policies:
Rule Called: HASS WAF
To make it a web server rule, set action to: Protect with web server protection
Hosted Address: Port2 (WAN)
Listening Port: 80
Domains: home.mydomain.com, hass.mydomain.com
Web server: HASS
Separately I also have NAT rules to allow me to connect to port 8123 directly.
Either works for me at the moment.
OK, I have mostly the same config. Really interested in your WAF protection policy setting and if you’ve found a way to only allow the mobile clients and block browser access - user agent perhaps.
I run Sophos XG WAF in front of my home assistant.
The strange thing is that WAF Energy dashboard does not work from WAN access.
On LAN it works just fine.