
Dedicated Interface for RED Usage

This should be easy but I'm struggling with it within the UTM interface so hopefully someone can point me in the right direction.

We have two Internet interfaces that are already set up as default GWs with Uplink Balancing. Our REDs all have both IPs and can connect to either one without issues. We added a third interface that we want to make the primary for all RED traffic and absolutely NO other Internet traffic. We don't want anything to ever route out of that IP address and don't want it to be easily discoverable.

Anything that connects to that IP and isn't requesting the RED tunnel ports would be dropped and receive no response.

What's the best way to do this since I can't add in the ISPs gateway as a default gateway on that interface?

Thanks in advance

Mike



  • Hey Mike,

    I don't recall seeing a request like this before.  My first thought is that you don't want to put this new connection into Uplink Balancing, so not adding a default gateway is the right approach.

    Since configuring a RED automatically causes the creation of firewall rules to allow the desired traffic, I think all you will need then is a Static Gateway Route that uses the ISP's gateway for traffic to your REDs.  No masquerading rule should be needed.

    If you don't want the public IP to be visible, create two NAT rules, in order:

    1. NoNAT : {group of IPs of remote REDs} -> {group of UDP 3410 & TCP 3400} -> {IP of third interface}
    2. DNAT : Internet -> Any -> {IP of third interface} : to {an IP in 240.0.0.0/4} : with auto firewall rule

    Please let us know how that works for you and whether you needed to do anything differently or in addition.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
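The two NAT rules in the reply above only work because the UTM evaluates them first-match, so the NoNAT rule must sit above the DNAT rule. The following Python model, added here as an illustration and not part of the thread or of Sophos UTM, walks constructed packets through both orderings. The interface IP (198.51.100.10), the RED peer group (203.0.113.0/28), the sink address (240.0.0.1) and the sample packets are all assumptions for the example; only the ports UDP 3410 and TCP 3400 come from the reply.

```python
"""First-match model of the NoNAT-before-DNAT ordering from the reply.

Constructed example: the addresses below are assumptions, not values from
the thread. Only the RED ports (UDP 3410, TCP 3400) come from the reply.
"""
import ipaddress
from dataclasses import dataclass

# RED tunnel ports named in the reply
RED_PORTS = {("udp", 3410), ("tcp", 3400)}
# Assumed public IP of the dedicated third interface
THIRD_IF_IP = ipaddress.ip_address("198.51.100.10")
# Assumed group of remote RED public IPs (the "NoNAT" source group)
RED_PEERS = [ipaddress.ip_network("203.0.113.0/28")]
# Assumed unroutable sink inside 240.0.0.0/4 used as the DNAT target
SINK_IP = ipaddress.ip_address("240.0.0.1")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


def no_nat_rule(pkt):
    """Rule 1: RED peers -> RED ports -> third interface IP: leave untouched."""
    if ipaddress.ip_address(pkt.dst) != THIRD_IF_IP:
        return None
    if (pkt.proto, pkt.dport) not in RED_PORTS:
        return None
    src = ipaddress.ip_address(pkt.src)
    if not any(src in net for net in RED_PEERS):
        return None
    return ("nonat", pkt.dst)


def dnat_rule(pkt):
    """Rule 2: Internet -> Any -> third interface IP: rewrite to the sink."""
    if ipaddress.ip_address(pkt.dst) != THIRD_IF_IP:
        return None
    return ("dnat", str(SINK_IP))


def evaluate(pkt, rules):
    """Return the action of the first rule that matches, else 'no-match'."""
    for rule in rules:
        result = rule(pkt)
        if result is not None:
            return result
    return ("no-match", pkt.dst)


RULES_AS_ADVISED = [no_nat_rule, dnat_rule]   # the order given in the reply
RULES_SWAPPED = [dnat_rule, no_nat_rule]      # wrong order, for comparison


def classify(pkt, rules=RULES_AS_ADVISED):
    """Action name only: 'nonat', 'dnat' or 'no-match'."""
    return evaluate(pkt, rules)[0]


# Constructed sample traffic
RED_TUNNEL = Packet("203.0.113.5", "198.51.100.10", "udp", 3410)
RED_CONTROL = Packet("203.0.113.5", "198.51.100.10", "tcp", 3400)
SCANNER_HTTPS = Packet("192.0.2.77", "198.51.100.10", "tcp", 443)
RED_PEER_SSH = Packet("203.0.113.5", "198.51.100.10", "tcp", 22)
OTHER_UPLINK = Packet("203.0.113.5", "198.51.100.20", "udp", 3410)

if __name__ == "__main__":
    for name, pkt in [("red tunnel", RED_TUNNEL), ("red control", RED_CONTROL),
                      ("scanner https", SCANNER_HTTPS), ("red peer ssh", RED_PEER_SSH),
                      ("other uplink", OTHER_UPLINK)]:
        print(f"{name:14s} advised={classify(pkt):8s} swapped={classify(pkt, RULES_SWAPPED)}")
```

With the advised order, only RED peers hitting the RED ports reach the interface unchanged; a scanner on TCP 443, or even a RED peer on a non-RED port, is DNATed into the 240/4 sink and gets no reply. Traffic to the other uplinks never matches either rule. Swap the two rules and the DNAT catches the RED tunnels as well, which is the failure mode the "in order" wording is guarding against.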