Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG 135 with IP over WAN, in a different network than Alias interfaces

I can have on the same WAN interface, an IP 189.10.10.46/255.255.255.192, with gateway 189.10.10.1.
And several IP Alias on the same interface, only on a different network, 189.10.20.16-189.10.20.30/255.255.255.240?

Alias would be for publishing services hosted on the internal network, such as web server, erp application, e-mail server, etc.

Wait and thanks !



This thread was automatically locked due to age.
Parents
  • Ivanildo,

    Alias IP must use the same subnet of the physical interface.

    Regards

  • I don't know that is entirely true; encountered a customer years ago whose ISP was, in American terms, "lame."  They added additional public IPs using ROTP (Routing Over The Top) …. granted, this was with Sophos SG UTM (may have even been Astaro UTM back then... but to my amazement adding each Alias IP with a /32 worked for publishing inbound services (of course it did not work for outbound, but that wasn't the point)… the ISP did some "Magic" that allowed this to work.  I wasn't a fan of the configuration, but it did work.  Things may be different on XG of course.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Reply
  • I don't know that is entirely true; encountered a customer years ago whose ISP was, in American terms, "lame."  They added additional public IPs using ROTP (Routing Over The Top) …. granted, this was with Sophos SG UTM (may have even been Astaro UTM back then... but to my amazement adding each Alias IP with a /32 worked for publishing inbound services (of course it did not work for outbound, but that wasn't the point)… the ISP did some "Magic" that allowed this to work.  I wasn't a fan of the configuration, but it did work.  Things may be different on XG of course.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Children