
separate Company HomeOffice from internal Network

I have to separate two networks using the same LAN interface, running XG in the latest version with 1 physical NIC bound to LAN and 1 physical NIC bound to WAN. The need is that there is no access from Private Network IPs to Company Network IPs and vice versa. Both LAN IP ranges are using the same physical network.

Private LAN: 192.168.1.0/24, Gateway: 192.168.1.5

Company HomeOffice LAN: 192.168.55.0/24 

Company HomeOffice LAN computers are allowed to and should use the Gateway 192.168.1.5

I tried to configure a separate IP Range: 

And in the Firewall Rules I created a Rule

When assigning an IP address 192.168.55.2, there is no connection to the Internet possible with Gateway 192.168.1.5

What additional rule do I need?

Is there some routing required and how? 



  • You cannot do what you want this way. You have an interface in 192.168.1.0/24 range and are using 192.168.55.0/24 on the same subnet. Any computer outside 192.168.1.0 network will not be able to directly connect to 192.168.1.5 without going through a router.

    You need a different subnet. Either with an additional physical interface or with a VLAN interface and you would also want to segregate traffic from those networks at layer 2 on your switch, so you need a (smart) managed switch with support for 802.1q VLANs or you need a separate switch for the separate subnet.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
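
The two points in the reply above (a default gateway has to sit inside the client's own subnet, and two IP ranges on one switch segment are not separated at layer 2) written as a small plan check. This is an added example, not part of the original thread; the host 192.168.1.20, the gateway 192.168.55.1, and the segment labels `lan` and `vlan55` are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed plan: "segment" labels one layer-2 broadcast domain
# (a VLAN or a physically separate switch). Ranges are from the thread.
SHARED_LAN = [
    {"host": "192.168.1.20/24", "gateway": "192.168.1.5", "segment": "lan"},
    {"host": "192.168.55.2/24", "gateway": "192.168.1.5", "segment": "lan"},
]
# Hypothetical fix: 192.168.55.1 on a VLAN interface (address and label assumed).
SPLIT_LAN = [
    {"host": "192.168.1.20/24", "gateway": "192.168.1.5", "segment": "lan"},
    {"host": "192.168.55.2/24", "gateway": "192.168.55.1", "segment": "vlan55"},
]

def audit(plan):
    """Return a sorted list of findings for an addressing plan."""
    findings = []
    subnets_by_segment = defaultdict(set)
    for entry in plan:
        iface = ipaddress.ip_interface(entry["host"])
        gateway = ipaddress.ip_address(entry["gateway"])
        subnets_by_segment[entry["segment"]].add(iface.network)
        # A default gateway is expected to be on-link, i.e. inside the
        # host's own subnet, so the host can resolve it directly.
        if gateway not in iface.network:
            findings.append(
                f"{iface.ip}: gateway {gateway} is outside {iface.network}")
    for segment, nets in subnets_by_segment.items():
        # Different IP ranges on one broadcast domain share layer 2,
        # so the firewall never sees traffic between their hosts.
        if len(nets) > 1:
            names = ", ".join(str(n) for n in sorted(nets))
            findings.append(f"segment {segment}: shared by {names}")
    return sorted(findings)

if __name__ == "__main__":
    for name, plan in (("shared", SHARED_LAN), ("split", SPLIT_LAN)):
        print(name, audit(plan) or "no findings")
```
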
