
Is Sophos UTM doing NAT + Firewall, or just Firewall?

Hi to all,

I use a standard device which is doing NAT. If I replace this device with Sophos UTM Home Ed., do I still have the NAT function?

Does Sophos UTM integrate the NAT function and Firewall? Is it mandatory to keep the NAT function behind WAN?

I'm currently testing it and it seems to offer both functionalities by default, but I would like to be sure.

Many thanks.



  • Are you serious? Even a cheap ADSL modem does NAT.

  • Yes, I am. I dunno the Sophos UTM functions and which things are already integrated or not.

  • On a short note, a UTM will do more than most ever need.

    So all types of NAT & Firewall although it can seem to work in mysterious ways at times which is often due to lack of understanding or misconfiguration.

    It's a wonderful beast if you do use most of the features although for home, you won't go anywhere near what it's capable of.

    Read the Rulz on here so you don't get caught out with the proxies etc

     

    and as Oldeda was alluding to, this ain't no cheap home firewall and may take a bit of a learning curve coming from one.

  • Are NAT + Firewall enabled by default? Nothing to do?

    Can NAT + Firewall cohabit together?

    Behind WAN, must we have both activated?

    Sorry, but I don't have specific knowledge of firewall systems.

  • Yes UTM can do it. Firewall + NAT

  • Hi,

    The UTM does not do NAT by default; you need to add either a MASQ or an SNAT/DNAT rule.

    The UTM HTTP proxy does not use a NAT rule; it is a true proxy.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Does it make sense to have NAT + Firewall behind WAN (front-end) or not?

    I would like to know if NAT + Firewall can improve security...

    Concerning the proxy, I didn't see this feature in the admin interface. Where is it located? Is it enabled by default?

    I don't like HTTP proxy; it's not useful for my home usage, I figure.

    Best Regards.

  • Hi

    NAT gives a false sense of security, it does not improve security, just allows the same IP address ranges to be used in many locations without causing major DNS issues. NAT was implemented when the IP(4) address ranges were running out. NAT was not part of the original IPv6 implementation, but has been added.

    HTTP proxy is very useful in your home application, no different to a business, you can scan web pages for content issues, virus, malware, applications you don't want to be used on your network.

    You also have a mail proxy and can use the UTM as a mail relay agent for added security.

    Added security is by enabling the DNS and NTP proxy type functions on the UTM. They provide real isolation of local devices.

    On the UTM nothing is enabled by default except to block. You must make a conscious decision to allow traffic through your firewall.

    You need NAT if you use 10.x.x.x, 172.16.x.x or 192.168.x.x address ranges; otherwise it is not required.

    Ian


  • I hate NAT..... try going via 4 networks where each hop needs natted. And yes, you're quite right, it gives a false sense of security, as once a connection is initialised from within, NAT's not going to do much in terms of stopping it.

    And when you think about all those home routers out there just using NAT.... well what more can I say?

    This is where I think most ISPs will eventually go to a customer peering with them and the ISP dealing with the security. And the geeks will have to request an opt out or go to a different ISP to do their own security.

  • Many thanks for your answer.

    I plan to have a true DMZ with both UTM, so two different LANs, see below, so does it make sense to NAT?... or would it be better not to use it?

    Could you tell me more about the DNS and NTP proxy functions and what they can offer me? I need some use cases to understand the interest.

    Thank you in advance for your advice.