Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 4 subscribers
  • Views 1701 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Policy Based Routing

Brett Enniss

Hi,

I am new to Sophos UTM setup but I have been asked to set up policy based routing to route traffic on ports 80/443 through a proxy server (diagram shows required setup), don't really know where to start, any assistance would be greatly appreciated.  Sophos in question is an SG310 on firmware version 9.510-5 and is currently setup as E0 - LAN and E1 - WAN

Brett



This thread was automatically locked due to age.
  • 0

    Hi Brett and welcome to the UTM Community!

    You will need firewall rules allowing browsing requests from the LAN to reach CH and allowing the proxied requests from CH to "Internet IPv4."

    You definitely need a policy route to get the browsing requests to the CH unless all of the devices on the LAN are configured to use CH explicitly.  If CH doesn't masq the LAN IPs with its own IP, you will need a Policy Route for browsing responses arriving from the Internet.

    Can you provide more detail?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi Bob,

     

    Thanks for your Reply.

    In response to your queries, not all devices on the LAN are configured to use CH explicitly and  Ch won't masq the LAN  IPs with its own IP.

    Not sure what other detail I can provide, any suggestions as to what additional information would help.

     

    Regards

    Brett

  • 0 in reply to Brett Enniss

    You're right, Brett, you will need two routes:

    Gateway Route : LAN (Network) -> {HTTP/S} -> Internet : via {CH on eth6}
    Gateway Route : Internet -> {HTTP/S responses} -> LAN (Network) : via {CH on eth7}

    Note that HTTP = 1:35565->80 and that the response is 80->1:35565

    Any luck with that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML