
Single UTM to control two separate AWS VPCs

Hello,

I have a quick question: is it possible to have a single Sophos UTM which can control and manage two different VPCs in the same region? We have 2 different AWS VPCs in the same region, let's say EU Ireland. Both VPCs are entirely on different private IP ranges, and we would like a few instances to communicate with each other. Is it possible and doable to get this kind of config working?

Thanks,



  • This should be possible, but there are too many questions.  As you start this project, come back and ask specific questions when you encounter a difficulty.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    Thanks for the reply, but I'm not getting any headway. I have created 2 VPCs and one VPC has been set up with UTM 9. I do not get any way to select an interface in the other VPC, as the subnets are different. Do you have any doco / link which can give more info on the same?

    We do not want to use VPC peering between the VPCs, but if that's necessary to get this working we are open to it as well.

    Thanks


  • I've not used VPC peering, so I can't speak to that, but that might be preferable for your needs.

    If the two VPCs should communicate through the UTM, the problem is the same as hub-and-spoke site-to-site VPNs where Site A and Site C communicate through Site B.  See Hub and Spoke Site-to-Site VPNs.  Is that what you want to do?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
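Bob's hub-and-spoke analogy above, as an added example that is not part of the thread or of any Sophos or AWS tooling: a small Python planner that checks the VPC CIDRs do not overlap (a prerequisite for both VPC peering and VPN routing), lists the static routes each VPC needs so that the spoke VPCs reach each other only through the hub VPC holding the UTM (the Site A to Site B to Site C pattern), and lists the spoke-to-spoke network pairs the UTM's firewall must allow explicitly. The VPC names, CIDRs and tunnel labels are constructed for the example.

```python
"""Hub-and-spoke route planner for several VPCs behind one UTM.

Added example, not code from the thread, from Sophos or from AWS. The hub is
the VPC running the UTM; every other VPC is a spoke with one site-to-site
tunnel to the hub. Spokes never talk to each other directly: spoke A's
packet goes up A's tunnel, the UTM forwards it down B's tunnel.
"""
import ipaddress
from itertools import combinations
from typing import Dict, List, Tuple

# Constructed sample topology (hypothetical names and private ranges).
VPCS: Dict[str, str] = {
    "hub-utm": "10.0.0.0/16",   # VPC where the UTM instance lives
    "spoke-a": "10.10.0.0/16",
    "spoke-b": "10.20.0.0/16",
}
HUB = "hub-utm"

Route = Tuple[str, str]  # (destination CIDR, next hop label)


def overlapping_pairs(vpcs: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return pairs of VPCs whose CIDRs overlap.

    This must be empty: neither VPC peering nor the static VPN routes below
    can tell two overlapping networks apart, so the plan refuses to proceed.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in vpcs.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def plan_routes(vpcs: Dict[str, str], hub: str) -> Dict[str, List[Route]]:
    """Static routes each VPC needs, keyed by VPC name.

    Spoke route tables send the hub CIDR and every other spoke's CIDR to the
    spoke's tunnel toward the hub. The hub's route table sends each spoke's
    CIDR to that spoke's tunnel; the UTM then forwards between tunnels.
    """
    clashes = overlapping_pairs(vpcs)
    if clashes:
        raise ValueError(f"overlapping VPC CIDRs: {clashes}")
    spokes = [name for name in vpcs if name != hub]
    routes: Dict[str, List[Route]] = {hub: []}
    for spoke in spokes:
        routes[hub].append((vpcs[spoke], f"vpn:{hub}->{spoke}"))
        routes[spoke] = [(vpcs[other], f"vpn:{spoke}->{hub}")
                         for other in vpcs if other != spoke]
    return routes


def utm_forwarding_pairs(vpcs: Dict[str, str], hub: str) -> List[Tuple[str, str]]:
    """(source network, destination network) pairs of spoke-to-spoke traffic.

    Each pair needs an explicit allow rule on the UTM: the firewall drops
    forwarded traffic that matches no rule, so routes alone are not enough.
    """
    spokes = [name for name in vpcs if name != hub]
    pairs: List[Tuple[str, str]] = []
    for a, b in combinations(spokes, 2):
        pairs.append((vpcs[a], vpcs[b]))
        pairs.append((vpcs[b], vpcs[a]))
    return pairs


if __name__ == "__main__":
    for vpc, entries in plan_routes(VPCS, HUB).items():
        print(f"{vpc} route table:")
        for dest, hop in entries:
            print(f"  {dest:<16} -> {hop}")
    print("UTM forwarding rules needed:")
    for src, dst in utm_forwarding_pairs(VPCS, HUB):
        print(f"  allow {src} -> {dst}")
```

The same checks apply if VPC peering is used instead of tunnels: the CIDRs still must not overlap, and the UTM still needs an explicit rule for each direction of spoke-to-spoke traffic it is expected to forward.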
  • Hi,

    Thanks for this.

    Can I implement this architecture with transit VPC concepts?

    As mentioned above, I am using 3 VPCs: Shared VPC, Transit VPC, and Secure VPC.

    I have launched all my Shared Services in my Shared VPC and connected a VPN with the Transit VPC.

    I need to launch the UTM in the Secure VPC, and all the outbound traffic from the Shared VPC needs to go through this UTM in the Secure VPC.

    In the Transit VPC I am using Cisco CSR 1000v.

    Please help me out with this solution.

    It's urgent.

    Regards,

    Mohamed Jawad | AWS Cloud Engineer - Tensult

  • jawad846 said:
    It's urgent.

    heh.  Well, you know what they say about the cloud, right?

  • A diagram would help, as would a description of what you're trying to accomplish.  Maybe the VPN approach is not what you need.

    It seems like Static Routes could work to allow a single UTM to do Webserver Protection for multiple VPCs.  Is that what you're trying to do?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for your valuable time.

    Yes. Is it possible by creating a site-to-site VPN from the other VPC to the Sophos instance?

    I have done that already, but just want to confirm whether that is the right way to do it.

    Regards,

    Mohamed Jawad