
WLAN thru Sophos to inner network

I had a Cisco 5505 for 8 years as my primary FW and now it was time to try something new. I just set up a new home UTM9 for testing and this system is the best ever.

UTM9 has been installed on Qnap TS453pro as virtual machine and it works like a charm. Here is the topology of my system.

The question:

I want to connect from WLAN (phones, tablets) thru Sophos to my inner network into IP-cameras and DVRs. I want to stream RSTP from IP-cameras to my Android phones. When the droids are inside the inner network it works, but now with the FW in between it does not. Also I want to use the droids to control tvheadend and qnap. They all work inside but not with Sophos. What is the best way to do this? VLAN, firewall rules, ...? And whatever the solution is, how do I do that in UTM?

Phones and tablets naturally have 4G too, and I also want to make the same connections from the internet to my inner network, when the packets practically do 2 NATs and go thru the firewall. Is this the best and most secure way to do this? How do I do the configuring?

Sorry but I am a total newbie with Sophos. I have had this now for about 2 weeks and I really like the system.



This thread was automatically locked due to age.
  • Hi Zerry,

    I think you need a LAN4 - Any - LAN3 firewall rule to get the two interfaces communicating with each other. 

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Hi Sachin,

    Thanks for your answer.

    Sorry for the stupid question, but doesn't this solution open the whole inner network to all devices and thus weaken the security? What if I just want certain WLAN IP/MAC to access only dedicated inner IPs? How to do that?

    I do not want anyone to access my network because the WAP serves as guest WLAN too (kinda DMZ).

    How about internet access?  How can I give secure access to my internal network from internet? VPN to firewall?

    -Z

  • Hi Z,

    In that case, instead of defining the whole LAN network host in the FW rule, try object definitions for particular host IP addresses. Suppose 192.168.x.x (LAN1) -> ANY -> 172.16.16.x (LAN2).

    For giving internal access to the remote client, try SSL VPN. Easy and secure.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.
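
Added example, not part of the original thread and not Sophos code: a small first-match, default-drop rule model that compares the network-wide rule from the first answer with a host-object rule like the one suggested above. All addresses, the static phone lease and the NAS host are constructed assumptions; the narrow rule also limits the service to RTSP on its default port 554, which goes one step beyond the "ANY" service in the answer.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing: the thread only gives 192.168.x.x and 172.16.16.x.
WLAN = ip_network("192.168.50.0/24")     # guests and own devices share this WLAN
INNER = ip_network("172.16.16.0/24")     # inner network with cameras, DVRs, NAS
PHONE = ip_network("192.168.50.10/32")   # own Android phone (static lease assumed)
CAMERA = ip_network("172.16.16.20/32")   # one IP camera
RTSP = ("tcp", 554)                      # default RTSP port
ANY = None                               # "Any" service

# Each rule is (source, service, destination). A matching rule allows the flow;
# anything that matches no rule is dropped.
BROAD = [(WLAN, ANY, INNER)]             # whole WLAN -> Any -> whole inner network
NARROW = [(PHONE, RTSP, CAMERA)]         # host object -> RTSP -> host object


def allowed(rules, src, dst, proto, port):
    """Return True if a rule permits the flow; unmatched traffic is dropped."""
    src, dst = ip_address(src), ip_address(dst)
    for r_src, r_svc, r_dst in rules:
        if src in r_src and dst in r_dst and r_svc in (ANY, (proto, port)):
            return True
    return False


def exposure(rules, flows):
    """Names of the sample flows that a rule set lets through."""
    return [name for name, flow in flows.items() if allowed(rules, *flow)]


# Constructed sample flows: own phone and a guest device on the same WLAN.
FLOWS = {
    "phone->camera rtsp": ("192.168.50.10", "172.16.16.20", "tcp", 554),
    "guest->camera rtsp": ("192.168.50.77", "172.16.16.20", "tcp", 554),
    "guest->nas smb": ("192.168.50.77", "172.16.16.5", "tcp", 445),
    "phone->nas smb": ("192.168.50.10", "172.16.16.5", "tcp", 445),
}

if __name__ == "__main__":
    print("broad :", exposure(BROAD, FLOWS))
    print("narrow:", exposure(NARROW, FLOWS))
```

A rule keyed on a source IP only holds if the phone keeps that address, so it depends on a fixed DHCP lease or static mapping for the device.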

  • Hi, Zerry, and welcome to the UTM Community!

    One of our unwritten, basic rules here is "one topic per thread" - please open a new thread with an appropriate title for your new question.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA