NAT in RED Device

Hi,

Can the network behind the RED device be NATted to the local LAN of the Sophos UTM?

For example:

RED Subnet: 172.16.1.0/24

Local: 192.168.1.0/24

Once the RED subnet accesses any sites, will it be NATted to a local IP (e.g. 192.168.1.5) via SNAT?


Thanks for the response!

  • Hi, Kris, and welcome to the UTM Community!

    I'm tempted to just give you an answer to your question, but there might be a better solution...

    1. Is the UTM at the edge of your network and does it have a public IP on its External interface?
    2. Is the UTM the default gateway for the devices in your LAN?
    3. How many LAN subnets do you have on how many defined Interfaces?
    4. Is there another router inside your location?
    5. Will the RED subnet only access devices in your LAN(s) or is the RED in "Standard/Unified" mode?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    See answers below in red text.

    Is the UTM at the edge of your network and does it have a public IP on its External interface?

    The UTM has a public IP on its interface. The UTM will be on the second layer of the setup.

    Is the UTM the default gateway for the devices in your LAN?

    No. The default gateway of the devices is the core switch, and traffic is forwarded to the firewall on top of the UTM.

    How many LAN subnets do you have on how many defined Interfaces?

    A /23 on one interface.

    Is there another router inside your location?

    Yes. A firewall on top of the UTM.

    Will the RED subnet only access devices in your LAN(s) or is the RED in "Standard/Unified" mode?

    The RED is in Standard/Split mode.

    Thanks,

    Kris

  • Thanks, Kris.  I don't see any need to NAT traffic from the RED subnet into your LAN as long as your core switch routes all non-LAN traffic to the UTM.  Plus, if the only traffic in the RED tunnel is for your LAN, then there's no need for a masq rule on the External interface.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA