This discussion has been locked.

Intervlan routing

I have my Cisco switch with all my VLANs configured and routing working. Now I plan to add a Sophos UTM firewall, and will use its IP as the next hop on the Cisco. My question is, with this setup, can the firewall rules on the UTM have any effect on the inter-VLAN routing? For example, stop one VLAN accessing another. Or will the firewall rules only monitor Internet traffic?


  • Firewall rules affect any traffic going through the UTM.

    Every VLAN builds a single interface.

    If you need routing between them but no firewalling, you need rules like "Group_all_my_VLAN_Interfacenetworks" any "Group_all_my_VLAN_Interfacenetworks" Permit.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003

  • See #2 in Rulz to understand which firewall rules take precedence over others.  As Dirk says, WebAdmin automatically creates routes between all subnets and IPs defined on UTM interfaces, but you must manage the firewall rules.  If you don't want open traffic between the VLANs with the approach that Dirk suggests, you might be interested in a document I maintain that I make available to members of the UTM Community, "Configure HTTP Proxy for a Network of Guests."  If you would like me to send you this document, PM me your email address.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks, guess I’ll change my design to have the routing down through the Sophos rather than on the switch.
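
The point of the thread, as an added example that is not part of any post above: the UTM can only filter packets that are routed through it, so where the VLAN gateways live decides whether inter-VLAN rules apply at all. The subnets, design names and the first-match, default-drop rule model are assumptions made for this sketch.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addressing (not from the thread).
VLANS = {"vlan10": ip_network("10.0.10.0/24"),
         "vlan20": ip_network("10.0.20.0/24")}
# Constructed sample UTM rule set: (source, destination, action).
SAMPLE_RULES = [(VLANS["vlan10"], VLANS["vlan20"], "drop")]

def routing_hop(design, src, dst):
    """Return which device routes src -> dst: 'switch', 'utm' or 'none'."""
    src, dst = ip_address(src), ip_address(dst)
    src_net = next((n for n in VLANS.values() if src in n), None)
    if src_net is None:
        raise ValueError("source is not in a known VLAN")
    if dst in src_net:
        return "none"  # same VLAN: switched at layer 2, no router involved
    dst_is_vlan = any(dst in n for n in VLANS.values())
    if design == "switch_svi":
        # Switch owns the VLAN gateways; its connected routes win over
        # the default route (next hop = UTM) for VLAN-to-VLAN traffic.
        return "switch" if dst_is_vlan else "utm"
    if design == "utm_gateway":
        # Switch is layer 2 only; every VLAN is an interface on the UTM.
        return "utm"
    raise ValueError("unknown design: " + design)

def utm_verdict(design, src, dst, rules=SAMPLE_RULES):
    """Apply rules in order (first match wins); unmatched traffic is dropped."""
    if routing_hop(design, src, dst) != "utm":
        return "not seen by UTM"
    s, d = ip_address(src), ip_address(dst)
    for src_net, dst_net, action in rules:
        if s in src_net and d in dst_net:
            return action
    return "drop"

if __name__ == "__main__":
    for design in ("switch_svi", "utm_gateway"):
        print(design, utm_verdict(design, "10.0.10.5", "10.0.20.5"))
```

With the gateways on the switch, the drop rule between the two VLANs never fires because the packet is routed before it reaches the UTM; with the gateways on the UTM, the same rule is enforced.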