
Using with ONE LAN interface GATEWAY

Hello,

I am trying at home to migrate from UTM to SFOS. On the good old UTM there was only one LAN interface. This was the gateway for some PCs.

In the network configuration on the UTM, I configured the real router gateway as the gateway on this one UTM NIC. It worked.

Now on SFOS I can't configure a gateway on the LAN interface (also only one NIC).

What would be the 1:1 configuration for SFOS like the UTM was?

best regards

michael



Added TAGs
[edited by: Erick Jan at 12:46 PM (GMT -7) on 5 Sep 2024]
  • Hi,

    I'm a bit confused by the design.
    You place 2 doors within the same network and hope your users & devices use the correct one?
    Some other applications may "see" the other door and ignore the correct way.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Hi, it's only for home use and family. Theoretically every smartphone via USB on a PC is a door :-) They have no local admin/root rights on the devices, so the GW is 'secure'. The main use case is the proxy blacklists.

  • While your setup may fit your needs and they have no local admin on the devices, they might be able to start their devices with a Linux live environment and go directly to the Fritzbox as gateway.
    Why not simply add a 2nd NIC in the machine and do proper LAN to WAN routing with no easy options to bypass the firewall (other than physically plugging cables)?


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • For routing I need 2 different networks. But I won't change all LAN client IPs and I will not change the IP of the Fritzbox router, and the router can only handle 1 IP on its LAN interface. To be really secure I also need a safe to prevent plugging an RJ45 cable into the router, better an MDM, NAC, glue up all USB ports and lock up all PC housings, authentication only with an RFID implant in every family member's forehead.

  • Sure, you could do all that. But I see now you don't want anything to change and are not willing to change LAN client IPs, which may all have static IPs now, to have a reservation in the DHCP server so they still have a "fixed" address.

    We just tried to advise you on a situation that would give better protection and would make better use of the capabilities of the firewall. If that is not what you are looking for then I think in that case Lucar Toni's answer might be your best option.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
