
SG210 - Best Scenario with a Huawei Router (3 Ports)

Hello All,

I have the following components and I need to use a Sophos SG210 with them:

1- A Huawei router with three ports, and I configured every port with a rate limit (30Mbps - 12Mbps - 8Mbps). Every port is attached to an Ethernet port on my Sophos SG210 with a public IP from the same subnet and the same gateway.

2- Three VLANs attached to 3 ports on my Sophos SG210 represent internal network traffic.

3- I need every VLAN to access the internet through a definite public IP on the SG210 port attached to the Huawei router.

 



  • Hala Amir,

    Please show us a simple diagram including IPs.  If you prefer, obfuscate IPs like 84.XX.YY.121, 10.X.Y.100, 192.168.X.200 and 172.2X.Y.51.  That lets us see immediately which IPs are local and which are identical or just in the same subnet.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello Bob,

    Thanks for your reply. Here is a detailed diagram; I appreciate your support.

  • That's great, Amir!  I'm a visual-tactile learner, so I'm lost until I see a picture or a diagram.

    First, I'll answer your question, but then I'll recommend that you do things differently.

    You didn't mention the interface names in WebAdmin, so I'll just call them "Eth1", "Eth2", etc.  Route each VLAN out through the desired interface with an Interface Route like 'Eth4 (Network) -> Eth1'.  Next, add a masquerading rule for each VLAN like 'Eth4 (Network) -> Eth1'.

    If you have a VLAN switch, I would have done this another way:

    • Use a single NIC for Internal and a second for External
    • On the External interface, create Additional Addresses like 'Second = 41.33.183.115' and 'Third = 41.33.183.116'
    • On the NIC for Internal, define three VLAN Interfaces like 'VLAN 1 = 192.168.1.0/24', etc.
    • Connect the Internal NIC to your VLAN switch with a trunk
    • Make three masquerading rules like 'VLAN 1 -> External (Address)', 'VLAN 2 -> External [Second] (Address)' and 'VLAN 3 -> External [Third] (Address)'

    Your first idea will work, but it will confuse Sophos Support and make it more difficult for them to help you.  If you don't have a VLAN switch, you should at least use the approach with a single External NIC and Additional Addresses.

    Cheers - Bob
