Sophos UTM Routing between 2 networks

Hello.


I have in my esx demo lab the following settings:

DPortGroupDemo (192.168.200.0/24)


DPortGroupFreren (172.22.0.0/20)


DPortGroupFreren has

an AD Server with DHCP/DNS role with IP 172.22.0.2. That DNS Server forwards to 172.22.0.1 (Fritz! Router). Gateway is 172.22.0.1, too.

One network card from the Sophos UTM with the IP 172.22.1.18


DPortGroupDemo

Has an AD Server with DHCP/DNS role with IP 192.168.200.1. DNS Forwarding to 192.168.200.2. Gateway is set to 192.168.200.2, too.

One network card from the Sophos UTM with the IP 192.168.200.2.


I need the following.

Routing between both PortGroups must be granted. Except DHCP services. They must stick to their own PortGroups.

DNS must work from DPortGroupDemo -> DPortGroupFreren at least. Both sides would be ok.

Port 1688 must be forwarded from DPortGroupDemo -> DPortGroupFreren. //<<--- Do I just have to place a NAT rule for that?

I tried to add a Firewall Rule ANY - ANY - ANY and thought for test purposes I should be able to connect from the DPortGroupFreren to DPortGroupFreren with RDP. But ping doesn't get through. And the RDP session can't be established.

Here are my settings.


Maybe it's easy to config for you... I hope so at least... :) Any help is appreciated!
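The policy the question asks for (everything routed between the two port groups except DHCP, DNS and port 1688 allowed from Demo towards Freren) can be modelled as an ordered, first-match rule list. The following is an added illustration, not configuration from the thread and not Sophos UTM syntax: the rule tuples, the `evaluate` function and the sample flows are constructed here. It also shows why an ANY - ANY - ANY rule placed first silently defeats the DHCP restriction.

```python
# Added example (constructed, not from the thread): a first-match rule evaluator
# over the two port groups. Rule format: (source net, destination net, protocol,
# destination port or None for any, action). The first matching rule decides.
from ipaddress import ip_address, ip_network

DEMO = ip_network("192.168.200.0/24")     # DPortGroupDemo
FREREN = ip_network("172.22.0.0/20")      # DPortGroupFreren
ANY = ip_network("0.0.0.0/0")

RULES = [
    # DHCP must stay inside its own port group: block server (67) and client (68)
    # ports in both routed directions before any broader allow rule.
    (DEMO, FREREN, "udp", 67, "drop"),
    (DEMO, FREREN, "udp", 68, "drop"),
    (FREREN, DEMO, "udp", 67, "drop"),
    (FREREN, DEMO, "udp", 68, "drop"),
    # DNS from Demo to the Freren AD/DNS server (both directions is also fine).
    (DEMO, FREREN, "udp", 53, "allow"),
    (FREREN, DEMO, "udp", 53, "allow"),
    # Port 1688 from Demo towards Freren.
    (DEMO, FREREN, "tcp", 1688, "allow"),
    # All remaining traffic between the two port groups (RDP, ping, ...).
    (DEMO, FREREN, "any", None, "allow"),
    (FREREN, DEMO, "any", None, "allow"),
]

# The same rules with an ANY - ANY - ANY allow on top: the DHCP drops are
# never reached, because the first match wins.
ANY_FIRST = [(ANY, ANY, "any", None, "allow")] + RULES


def evaluate(src, dst, proto, dport=None, rules=RULES):
    """Return 'allow' or 'drop' for one flow; unmatched flows are dropped (default deny)."""
    src, dst = ip_address(src), ip_address(dst)
    for rsrc, rdst, rproto, rport, action in rules:
        if (src in rsrc and dst in rdst
                and rproto in ("any", proto)
                and (rport is None or rport == dport)):
            return action
    return "drop"


if __name__ == "__main__":
    # Constructed sample flows between the two AD servers in the thread.
    flows = [
        ("192.168.200.1", "172.22.0.2", "udp", 67),    # cross-segment DHCP
        ("192.168.200.1", "172.22.0.2", "udp", 53),    # DNS Demo -> Freren
        ("192.168.200.1", "172.22.0.2", "tcp", 1688),  # port 1688 Demo -> Freren
        ("172.22.0.2", "192.168.200.1", "tcp", 3389),  # RDP Freren -> Demo
        ("10.0.0.5", "172.22.0.2", "tcp", 3389),       # not from either port group
    ]
    for f in flows:
        print(f, "ordered:", evaluate(*f), "any-first:", evaluate(*f, rules=ANY_FIRST))
```

Rule order is the whole point of the second list: a stateful firewall evaluates top to bottom, so the DHCP drops have to sit above the catch-all allow, and a test rule like ANY - ANY - ANY placed at the top is not just "permissive for testing", it removes the DHCP isolation entirely.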



  • Hi

    You have configured your PortGroups on your ESX. How do you want to allow it in UTM though? It can be done using the firewall given that UTM Interfaces are configured properly and there's no scope of asymmetric routing.

    Regarding DNS, you should configure the Eth1 network in Allowed Networks for DNS and configure the DNS server from DPortGroupFreren in DNS forwarders, which I see you've already done.

    Regarding Port 1688, you should create a Firewall rule to allow that traffic from the Internal network to Outside. You should also configure the Masquerading rule for that.

    Regards

    Jaydeep
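The "no scope of asymmetric routing" condition in the reply above is the part that decides whether a firewall allow rule can work at all. The following is an added model, not code from the thread or from Sophos: it takes the addresses from the question, assumes each host only knows "same network: send directly, otherwise: send to default gateway", and reports whether a Demo-to-Freren connection is handed to a UTM interface in both directions. The `next_hop`, `flow_is_symmetric` and `diagnose` functions are constructed for this illustration.

```python
# Added example (constructed, not from the thread): does a flow between the two
# port groups pass the UTM on the way out AND on the way back? If the reply
# leaves through another router, the UTM's connection tracking never sees the
# second half of the handshake and the session appears to hang or time out.
from ipaddress import ip_address, ip_network

DEMO = ip_network("192.168.200.0/24")     # DPortGroupDemo
FREREN = ip_network("172.22.0.0/20")      # DPortGroupFreren
# UTM interface addresses given in the question.
UTM_IFACES = {"eth1": ip_address("192.168.200.2"), "eth0": ip_address("172.22.1.18")}


def next_hop(src, dst, default_gw):
    """Address a host hands the packet to: dst itself when both are on the same
    network (assumed host behaviour, no static routes), else its default gateway."""
    src, dst = ip_address(src), ip_address(dst)
    for net in (DEMO, FREREN):
        if src in net and dst in net:
            return dst
    return ip_address(default_gw)


def crosses_utm(hop):
    """True when the next hop is one of the UTM's own interface addresses."""
    return hop in UTM_IFACES.values()


def flow_is_symmetric(client, client_gw, server, server_gw):
    """True if both the request and the reply are handed to a UTM interface."""
    fwd = next_hop(client, server, client_gw)
    rev = next_hop(server, client, server_gw)
    return crosses_utm(fwd) and crosses_utm(rev)


def diagnose(client, client_gw, server, server_gw):
    """Human-readable verdict for one client/server pair and their gateways."""
    fwd = next_hop(client, server, client_gw)
    rev = next_hop(server, client, server_gw)
    if crosses_utm(fwd) and crosses_utm(rev):
        return "symmetric: UTM sees request and reply, a firewall allow rule is enough"
    if crosses_utm(fwd):
        return f"asymmetric: reply from {server} goes to {rev}, which is not a UTM interface"
    return f"request from {client} never reaches the UTM (next hop {fwd})"


if __name__ == "__main__":
    demo_host, demo_gw = "192.168.200.1", "192.168.200.2"
    freren_host = "172.22.0.2"
    # Before: Freren side still uses the Fritz! router as default gateway.
    print("gateway 172.22.0.1 ->", diagnose(demo_host, demo_gw, freren_host, "172.22.0.1"))
    # After: Freren side points at the UTM's eth0 address.
    print("gateway 172.22.1.18 ->", diagnose(demo_host, demo_gw, freren_host, "172.22.1.18"))
```

With the Fritz! router as the Freren gateway the request does reach the UTM via 192.168.200.2, but the reply is handed to 172.22.0.1, so the ANY - ANY - ANY rule has nothing to match against on the return path; pointing the Freren hosts (or a specific static route for 192.168.200.0/24) at 172.22.1.18 makes the path symmetric.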

  • Hello.

    Thank you very much for your input.

    I had to change my Gateway from the 172.22.0.1 (Fritzbox Router) to the 172.22.1.18 (the IP address of the Sophos UTM).

    But... isn't it possible to use in the DPortGroupFreren network (172.22.0.0/20) for mostly everything the Gateway of the Fritzbox and the Gateway of the Sophos for just certain cases?

  • Hm... Editing not possible?

    Ok. Found the solution. The Interface eth0 (my DPortGroupFreren) has the Default GW 172.22.0.1. Firewall rules have been changed. Everything works flawlessly now.

    Thank you very much for your input again.


  • Glad to know that it is working fine now.

    Regards

    Jaydeep