
Firewall in front of Router ?

Can someone please tell me whether it is possible, and if so how, to put the Sophos Firewall between the connecting clients and my ASUS router? The reason I ask is I want to have better logging of what sites are being visited.

Thanks



  • Hi,

    What functions do you use on the router? The XG will quite happily function in front of the router. You would need to put the router in bridge mode to avoid double NAT, or you could put the XG in bridge mode, though for a beginner that adds complexity to your network.

    Ian

    https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/137737/sophos-firewall-home

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Thanks Ian. Look, I am a total and utter newbie on firewalls, routers etc. but have been on the internet since 1997/8. What I want to ensure is that I have proper full logs of which URLs are being visited from clients on the network. QUIC, I know, throws a spanner in the works, but I find even that has sparse info on the URL visited, only like "youtube.com" but could be anything. I have tried and I think I may have blocked QUIC using port 443 TCP and UDP and port 80 UDP? Is that correct, as I understand QUIC makes logging harder?

  • The website is very slow at my end this morning.

    To block QUIC you need to block ports 80 and 443 UDP, not TCP, otherwise you will block most web traffic.

    The XG has many reports, but it depends on how you set up your firewall rules.

    The XG comes in two basic forms, Sophos hardware or your own software, but before going down the software path definitely read the link I posted previously.

    The forums will provide help and guidance when you run into issues.

    Ian


  • Hi,

    I would suggest you delete your other post because you are not using Sophos software yet.

    Ian


  • Thanks. So port 443 TCP and UDP and port 80 UDP only? Is that correct?

    Cheers

  • QUIC by definition is 443 UDP. You block TCP 443 and you will block internet access.

    Ian

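
An added example, not part of any post in this thread: a small first-match rule evaluator that compares the rule set described in the question (TCP and UDP 443 plus UDP 80 dropped) with the one given in the answers (UDP 80 and 443 only). The `Rule` model, the rule lists, the sample flows and the default-accept outbound policy are constructed assumptions, not Sophos Firewall configuration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str           # "drop" or "accept"
    proto: str            # "tcp", "udp" or "any"
    ports: frozenset      # destination ports; empty means any port

def verdict(rules, proto, port, default="accept"):
    """First-match evaluation; default-accept outbound policy is an assumption."""
    for r in rules:
        if r.proto in ("any", proto) and (not r.ports or port in r.ports):
            return r.action
    return default

# Constructed sample flows a browser may open toward a web server.
FLOWS = {
    "http_tcp80": ("tcp", 80),
    "https_tcp443": ("tcp", 443),
    "quic_udp443": ("udp", 443),
    "udp80": ("udp", 80),
}

def audit(rules):
    """Report whether QUIC is blocked and whether TCP web traffic still passes."""
    res = {name: verdict(rules, proto, port) for name, (proto, port) in FLOWS.items()}
    return {
        "verdicts": res,
        "quic_blocked": res["quic_udp443"] == "drop",
        "web_works": res["http_tcp80"] == "accept" and res["https_tcp443"] == "accept",
    }

# Rule set as described in the question (constructed model).
QUESTION_RULES = [
    Rule("drop", "tcp", frozenset({443})),
    Rule("drop", "udp", frozenset({80, 443})),
]
# Rule set per the answers: UDP only (constructed model).
ANSWER_RULES = [Rule("drop", "udp", frozenset({80, 443}))]

if __name__ == "__main__":
    for label, rules in (("question", QUESTION_RULES), ("answer", ANSWER_RULES)):
        print(label, audit(rules))
```

With only the UDP rule in place, browsers fall back from QUIC to HTTPS over TCP, which is the traffic the firewall's web reports are built from.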