Single nic for just Web Proxy setup

I know I need 2 NICs for the firewall, but can I still use a single-NIC setup for just the web proxy? I have Sophos in a Hyper-V VM and the 2nd virtual NIC is just not connected, as my PC only has 1 physical NIC. Running Sophos UTM with 1 NIC forces it into failsafe mode.

Also, can anyone show me where the documentation is for setting up the client to authenticate to Sophos? I downloaded and installed the client authentication client for Windows onto my Windows 10 PC, and after installing it and rebooting the PC, I am not seeing any connections on the server. Also, I'm a little confused about why there seem to be 2 packages for the client: the 'MSI' and the 'Download for Windows'. The admin guide doesn't explain it in detail. I'm guessing the MSI is for mass deployments, but why make 2 packages?

Download for Windows - Enables Users using Windows Operating System to logon to the Device to access network resources and the Internet as per the policies configured in the Device

Download MSI - Enables Admins to install authentication clients via Microsoft Installer to multiple user devices to access network resources and the Internet as per the policies configured in the Device.

Do I need to configure my client's IE settings to use a proxy server manually?  Would I need to install the client package for any reason if I only wanted to use the web proxy?

Thanks!



  • First of all, you can have the Sophos XG perform as a web proxy using a single NIC. If you are running Virtual/Software, yes, it needs a minimum of 2 NICs to spin up the VM, but it's not mandatory that you use both NICs; you can disable the NIC from the network interfaces.

    Secondly, if you would like to use the XG firewall as a web proxy with just 1 NIC, just connect the NIC and bridge it with a physical adapter of the host. Let's say you are running a 192.168.1.0/24 network with 20 machines pointing their gateway to 192.168.1.1, and your XG firewall's LAN interface or Port A is connected to the network with 192.168.1.254. Create a default route on the XG firewall pointing to 192.168.1.1 and create a firewall policy with Source Zone as LAN and Destination Zone as LAN. You can apply the Web filter policy for LAN to LAN traffic and also have all the users authenticate at the same time using the Sophos Auth Client or the Sophos Captive Portal.

    This is Single Arm mode operation of Sophos XG firewalls. Also, if you install the Sophos authentication client, it will auto-discover the XG firewall using the magic IP; all you need to do is key in the user credentials, and the firewall will authenticate you if your user record is present in the local database or if you have an AD integration done.

    Answering why we have 2 clients, an MSI version and a normal client: please also see that there are a lot of environments that do not run a domain environment, so if we just had an MSI version, it would not benefit the SOHO market, where they might or might not have a domain environment.

    Thanks,
    Kranthi
  • Thanks for the tips but after installing the MSI package for my desktop, I do not see any logs on the client to verify it's connecting. I log in but I don't see any activity in Sophos reports (even live connections) which makes me wonder if it's working at all...

    Are there any logs that I can look at on the client to see what it's doing?

    Can I send you the pics of my setup as I seem to be missing something.

    Thank you!