Register Now

Login

Lost Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

Attachments with more than 1 MB rejecting by WAF

Issue:

Customer is accessing email server through web application firewall protection in sophos XG firewall. When customer is sending emails that are greater than size 1MB, they were getting failed.

Troubleshooting:

Whenever users sending attachments through WAF, by default it will allow size below 1MB. If the size of attachments greater than 1MB, emails will be failed to deliver. So we need to increase the default size of attachments through WAF.

To resolve this issue we need to identify which web protection template is being used by the firewall. First we need to login to sophos XG firewall GUI.

Click on the Rules and Policies and click on Firewall Rules tab. Identify the web application firewall rule for outlook.

Firewall Rule Template
WAF template

Identify used WAF template under preconfigured template section as shown in above image.

Now login to firewall CLI. You can use following article for the same

SSH

Type number 5 (Device Management) and then option 3 (Advanced Shell)

Enter this command which will check size associated with each template:

psql -U nobody -d corporate -c “select name,id,sec_request_body_no_files_limit from tblwafsecurityprofile;”

The above command will display WAF templates and concerned sizes. The sample output will be as shown in below image.

WAF policy
WAF template size

As shown in the image, WAF template size will be by default 1048576 bytes equal to 1 Mega Byte.

We have identified preconfigured template on the firewall rule, now identify the ID of specific WAF template.

Execute this command:

psql -U nobody -d corporate -c “update tblwafsecurityprofile set sec_request_body_no_files_limit =”52428800″ where id =”2″;”

Here i have used ID=2 because i am using Exchange General WAF template.

Increase Size
Increase Size

After executing the above command, validate whether size of WAF template is increased by executing this below command again :psql -U nobody -d corporate -c “select name,id,sec_request_body_no_files_limit from tblwafsecurityprofile;”

Then execute the below command to update the WAF configuration by executing the below command:

opcode waf_reconfig -t json -b ‘{“Entity”: “waf_advanced_config”, “Event”: “UPDATE”}’ -ds nosync

The above command will update WAF changes.

Hope this article helps you.