
Single nic for just Web Proxy setup

I know I need 2 NICs for the firewall, but can I still use a single-NIC setup for just the web proxy? I have Sophos in a Hyper-V VM and the 2nd virtual NIC is just not connected, as my PC only has 1 physical NIC. Running Sophos UTM with 1 NIC forces it into failsafe mode.

Also, can anyone show me where the documentation is for setting up the client to authenticate to Sophos? I downloaded / installed the client authentication client for Windows onto my Windows 10 PC and after installing it / rebooting the PC, I am not seeing any connections on the server. Also, I'm a little confused on why there seem to be 2 packages for the client, the 'MSI' and the 'Download for windows'. The admin guide doesn't explain it in detail. I'm guessing the MSI is for mass deployments, but why make 2 packages?

Download for Windows - Enables Users using Windows Operating System to logon to the Device to access network resources and the Internet as per the policies configured in the Device.

Download MSI - Enables Admins to install authentication clients via Microsoft Installer to multiple user devices to access network resources and the Internet as per the policies configured in the Device.

Do I need to configure my client's IE settings to use a proxy server manually?  Would I need to install the client package for any reason if I only wanted to use the web proxy?

Thanks!



This thread was automatically locked due to age.
  • It appears that the web proxy isn't allowed to work on the WAN interface, so it would appear that I am forced to use 2 NICs.
    Objects > Identity > Zone

    Is there any possibility to use both NICs on the same subnet / IP range? I am trying to get this to be used @ home and like most people, I only have 1 network. How do you expect people to use this with only 1 network?

  • First of all, you can have the Sophos XG perform as a web proxy using a single NIC. If you are running Virtual/Software, yes, it needs a minimum of 2 NICs to spin up the VM, but it's not mandatory that you use both NICs; you can disable the NIC from the network interfaces.

    Secondly, if you would like to use the XG firewall as a web proxy with just 1 NIC, just connect the NIC and bridge it with a physical adapter of the host. Let's say you are running a 192.168.1.0/24 network with 20 machines pointing their gateway to 192.168.1.1, and your XG firewall's LAN interface or Port A is connected to the network with 192.168.1.254. Create a default route on the XG firewall pointing it to 192.168.1.1 and create a firewall policy with Source Zone as LAN and Destination Zone as LAN. You can apply the Web filter policy for LAN to LAN traffic and also have all the users authenticate at the same time using the Sophos Auth Client or the Sophos Captive portal.

    This is a Single Arm mode operation of Sophos XG firewalls. Also, if you install the Sophos authentication client it will auto-discover the XG firewall using the magic IP; all you need to do is key in the user credentials and the firewall with authentication if your user record is present in the local database or if you have an AD integration done you will be authenticated.

    Answering why we have 2 clients, an MSI version and a normal client: please also see that there are a lot of environments that do not run a domain environment, so if we just had an MSI version, it would not benefit the SOHO market, where they might or might not have a domain environment.

    Thanks,
    Kranthi
  • I'll give it a go and let you know.  Sorry but I was never notified you responded :(

  • OK, I have set up the Windows client on my Windows 10 OS and was able to use an account that I did not create in Sophos. The client doesn't produce any errors, nor can I find any logs to see how the client is working. Are there any client logs?

    In addition, I set up the server as you mentioned and I even have a Deny all traffic policy as the #1 rule, yet I can still access the internet and the server is not showing any connected users. Would it help if I exported the config settings?

    Port A
    Network Zone LAN
    Static IP

    Port B
    Network Zone WAN
    Static IP
    Gateway Name: DHCP_PortB_GW
    Gateway: 192.168.1.1

    I'll try swapping Port A to WAN and see if that does anything but I don't think so.


    Any thoughts? Thanks!

  • Thanks for the tips but after installing the MSI package for my desktop, I do not see any logs on the client to verify it's connecting. I log in but I don't see any activity in Sophos reports (even live connections) which makes me wonder if it's working at all...

    Are there any logs that I can look at on the client to see what it's doing?

    Can I send you the pics of my setup as I seem to be missing something.

    Thank you!