
NAT in RED Device

Hi,

 

Can the network behind a RED device be NATed to the local LAN of the Sophos UTM?

For example

RED Subnet: 172.16.1.0/24

Local: 192.168.1.0/24

Once the RED subnet accesses any site, will it be NATed to a local IP (e.g. 192.168.1.5) via SNAT?


Thanks for the response!

  • Great question, I have the same problem. Hope someone can help out.

  • Hi Kris,

    I think that is possible via 1:1 NAT, because configuring an SNAT will NAT all the RED sources to a single source IP. Hence, if 5 clients come in from the RED network, they will all be NATed to the single defined IP address in the SNAT policy.

    Try 1:1 NAT and let us know if that works.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Hi Sachin,

    Thanks for the response. One limitation of the setup is that the HQ has limited IPs, hence 1:1 NAT will not be applicable. Just to give you an overview of the setup, there will be 90+ RED devices that will be NATed to 1 IP in HQ. Will SNAT work in this kind of environment?

    Thanks.
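    As an added illustration of the difference Sachin describes (many-to-one SNAT versus 1:1 NAT) and the scale Kris asks about (90+ RED sites behind one HQ address), the following Python simulates both translation styles. It is example code written for this thread, not Sophos UTM code or anything from the RED product; addresses beyond those in the thread (the 10.0.0.20 server, clients 172.16.1.10-14, the per-site /24s) are constructed, and the port handling is a simplified model of Linux connection tracking rather than the UTM's exact behaviour.

```python
import ipaddress


class SnatTable:
    """Many-to-one source NAT (simplified model of conntrack-based SNAT).

    Every inside source is rewritten to one outside IP; a connection-tracking
    table gives each flow a distinct outside port so replies can be mapped back.
    """

    def __init__(self, outside_ip, port_range=(1024, 65535)):
        self.outside_ip = str(ipaddress.ip_address(outside_ip))
        self.port_range = port_range
        self.flows = {}    # (src_ip, src_port, dst) -> outside_port
        self.reverse = {}  # outside_port -> (src_ip, src_port, dst)

    def _next_free_port(self):
        lo, hi = self.port_range
        for port in range(lo, hi + 1):
            if port not in self.reverse:
                return port
        raise RuntimeError("SNAT port pool exhausted")

    def translate(self, src_ip, src_port, dst):
        """Return the (outside_ip, outside_port) the destination will see."""
        key = (str(ipaddress.ip_address(src_ip)), src_port, dst)
        if key not in self.flows:
            # Like Linux SNAT, keep the original source port while it is still free.
            port = src_port if src_port not in self.reverse else self._next_free_port()
            self.flows[key] = port
            self.reverse[port] = key
        return (self.outside_ip, self.flows[key])

    def untranslate(self, outside_port):
        """Map a reply arriving on outside_port back to the original flow."""
        return self.reverse[outside_port]


def one_to_one_translate(src_ip, inside_net, outside_net):
    """1:1 (network-to-network) NAT: host bits are preserved, so both networks
    must be the same size and every inside host consumes one outside address."""
    inside = ipaddress.ip_network(inside_net)
    outside = ipaddress.ip_network(outside_net)
    if inside.prefixlen != outside.prefixlen:
        raise ValueError(f"1:1 NAT needs equally sized networks: {inside} vs {outside}")
    addr = ipaddress.ip_address(src_ip)
    if addr not in inside:
        raise ValueError(f"{addr} is not inside {inside}")
    host_offset = int(addr) - int(inside.network_address)
    return str(outside.network_address + host_offset)


def outside_addresses_needed(red_subnets, mode):
    """Constructed sizing helper: HQ addresses consumed by each NAT style."""
    nets = [ipaddress.ip_network(n) for n in red_subnets]
    if mode == "snat":
        return 1  # one shared address; ports disambiguate the flows
    if mode == "1to1":
        return sum(n.num_addresses for n in nets)  # one outside address per inside address
    raise ValueError(f"unknown mode {mode!r}")


def demo():
    # Constructed: five RED clients, all using source port 50000 to one HQ server.
    snat = SnatTable("192.168.1.5")
    clients = [f"172.16.1.{i}" for i in range(10, 15)]
    server = ("10.0.0.20", 443)
    seen_by_server = [snat.translate(c, 50000, server) for c in clients]

    # Constructed: 90 RED sites, each with its own /24 (172.16.1.0/24 .. 172.16.90.0/24).
    red_sites = [f"172.16.{i}.0/24" for i in range(1, 91)]

    return {
        "snat_outside_ips": sorted({ip for ip, _ in seen_by_server}),
        "snat_outside_ports": [port for _, port in seen_by_server],
        "snat_reply_for_port_1024": snat.untranslate(1024),
        "one_to_one_172_16_1_5": one_to_one_translate("172.16.1.5", "172.16.1.0/24", "192.168.1.0/24"),
        "hq_ips_for_90_sites_snat": outside_addresses_needed(red_sites, "snat"),
        "hq_ips_for_90_sites_1to1": outside_addresses_needed(red_sites, "1to1"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

    Running `demo()` shows all five clients appearing as 192.168.1.5 with five different outside ports, while 1:1 NAT keeps 172.16.1.5 as 192.168.1.5 but needs one HQ address per RED address (90 sites of /24 would consume 23040 of them), which is why SNAT is the fit when HQ has only one address to spare.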

  • Hi, Kris, and welcome to the UTM Community!

    I'm tempted to just give you an answer to your question, but there might be a better solution...

    1. Is the UTM at the edge of your network and does it have a public IP on its External interface?
    2. Is the UTM the default gateway for the devices in your LAN?
    3. How many LAN subnets do you have on how many defined Interfaces?
    4. Is there another router inside your location?
    5. Will the RED subnet only access devices in your LAN(s) or is the RED in "Standard/Unified" mode?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    See answers below in red text.

    Is the UTM at the edge of your network and does it have a public IP on its External interface?

    The UTM has a public IP on its interface. The UTM will be on the second layer of the setup.

    Is the UTM the default gateway for the devices in your LAN?

    No. The default gateway of the devices is the core switch, and traffic will be forwarded to the firewall on top of the UTM.

    How many LAN subnets do you have on how many defined Interfaces?

    /23 in one interface

    Is there another router inside your location?

    Yes. A Firewall on top of the UTM

    Will the RED subnet only access devices in your LAN(s) or is the RED in "Standard/Unified" mode?

    The RED is in Standard/Split mode.

    Thanks,

    Kris

  • Thanks, Kris.  I don't see any need to NAT traffic from the RED subnet into your LAN as long as your core switch routes all non-LAN traffic to the UTM.  Plus, if the only traffic in the RED tunnel is for your LAN, then there's no need for a masq rule on the External interface.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA