Passing through external IPs

Hi all,

Hoping I can get pointed in the right direction!

We have an opportunity to provide networking for a managed office. As part of this, they want to be able to offer the protection that the XG can do. That is simple enough, and I can create VLANs, Zones, etc.

The bit that I am struggling with is that they have multiple external IPs, which I need to pass through to their customers with no NAT.

Let's say they are using 1.1.1.0/28 which is provided by the ISP

Our firewall will be 1.1.1.2 with a GW of 1.1.1.1 (ISP)

Customer A firewall will be 1.1.1.3 with a GW I believe of our XG (1.1.1.2)
Customer B firewall will be 1.1.1.4 with a GW as above and so on.

I need to be able to pass these external IPs through our firewall, skipping NAT and all protection, e.g. to the customer's device it is an external IP and behaves the same way.

I need to be able to QoS these IPs to the internet package that is chosen, and also have the ability to pass the external IPs over a VLAN on our network to the customer's end device rather than using a physical port on the XG (again simple enough; I guess what I am asking is, does the XG support this?)

Cheers! 



This thread was automatically locked due to age.
  • Hi Alex,

    This should be possible with "Deploy Sophos Firewall in bridge mode"
    doc.sophos.com/.../index.html

    But if possible, I would always prefer routing mode. (needs an additional public IP-range or NAT)


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Ok, if I place the device in bridge mode, I assume I can still create additional Zones and "local LANs".
    Because if I used Routing mode with NAT, the customer would not get a true "external IP" as I understand it?

    Can you give me a bit more information on the additional Public IP-Range, do you mean an additional subnet on top of the subnet provided by the ISP?
