
Sophos UTM connected to WAN port of Wireless router

Hello all,


I want to use my Sophos UTM Home edition as a firewall between my ISP provided fiber gateway and my home wireless router.

I'm providing my setup diagram in the attachment:

0675.hnet.pdf

My setup is as follows:

  1. ISP fiber gateway
    1. ISP provided LAN is 192.168.2.0/24
    2. Sophos UTM is connected to gateway lan port and put into DMZ:
      1. Sophos UTM eth2 obtains public WAN IP and is able to update DynDns hostname
  2. Sophos UTM has:
    1. eth0: 192.168.2.99 (from ISP LAN) as my Admin port
    2. eth1: is defined as HomeNET (where I want to connect the WAN port of the wireless home router)
    3. eth2: Public WAN IP (obtained from the ISP DMZ)
  3. HomeNet:
    1. Asus router in router mode (I do not want it to be set as AP)
    2. DHCP server active: 192.168.3.0/24
    3. Clients connect to the wireless router only

Eth1 shows State Down but Link is UP. I'm pretty sure this is due to routing, as ETH1 wants to obtain an IP from the wireless router. How would I fix this? Once again, I do not want the wireless router to act only as AP.

How would I configure ETH1 in order for it to be seen as WAN interface on the wireless router.

Thank you in advance



  • I'm not sure if it's possible.  I recommend reading the content under the heading Sophos UTM: Options for deploying the UTM into your Network

    from https://community.sophos.com/products/unified-threat-management/f/recommended-reads


    Good Luck

  • OK, so I modified the wiring: instead of plugging the UTM into the WAN port of the wireless router, I use one of the LAN ports. Now my ETH1 gets an IP from the wireless router DHCP (ETH1 is now 192.168.3.99); however, I have no internet traffic. So this makes me think it's a NAT problem. How would I route ETH2 (WAN) traffic to ETH1 (Home LAN)?

    I tried a couple of NAT configs, but I'm not sure if I'm doing it correctly.

  • No luck with connecting ETH1 to the router LAN port.


    I really need to figure out how to make the wireless router see ETH1 as a WAN interface. ISP manages to pass through the WAN IP to the router using DMZ, so should UTM?

    Is it even feasible to have the UTM before the router? I mean, isn't that the point of the firewall, to pass all traffic through it before it gets to the router?

  • Hi Paul and welcome to the UTM Community!

    The preferred solution is to not have a double NAT, so I would turn the wireless router into a wireless bridge.

    Next, I would remove the eth1 connection to the ISP's modem and just use the modem in a bridged mode.  There should be some way for you to manage it through the WAN connection of the UTM.  What is the make & model of the ISP's equipment?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA