
Two UTMs? One for testing? Best Practice? Please advise.. :)

Hi,

Just curious about setting up another UTM for testing purposes.

I want to install Sophos XG alongside Sophos UTM 9. However, I don't want to put Sophos XG in bridge mode because it'll affect other devices on the home network whilst I'm having fun testing Sophos XG. I'm not sure if this is textbook; however, this was my interface configuration thought process.

Sophos UTM 9 // NIC / INTERFACE SETUP

  • Eth01 WAN: WAN IP
  • Eth02 HOME LAN Network: 192.168.0.1
  • Eth03 Sophos XG Network: 10.12.0.1

Sophos XG // NIC / INTERFACE SETUP

  • Eth01 Sophos XG Network: 10.12.0.2
  • Eth02 TESTING LAN Network: 172.16.0.1

Is it acceptable to have two lots of NAT going on? Traffic will flow from my computer on the 172.16.0.0 network through 10.12.0.0, then get processed again by the UTM 9.

Is anybody able to give me some advice on best practice before I head down this path please? I have a feeling it would work, but are there any special considerations to make when doing this?  Many thanks for your support.

NOTE: I've just read a website mentioning double NAT. They recommend disabling NAT on the internal router and just adding a static route. Is this the correct way of working?



  • Hi Phil,

    Interesting curiosity. Nice question. 

    You just need to add a Static Route in your XG to route 172.16.0.0 Network on 10.12.0.1 (at UTM 9).

    Next, you will configure NAT to Masquerade 172.16.0.0 traffic with your WAN IP or Uplink hosts.

    Finally create a Firewall Rule to allow Source 172.16.0.0 Network to WAN destination. 

    And that's all!!

    Hope that helps :)

    Cheers

    Sachin Gurung

    Sachin Gurung
    Team Lead | Sophos Technical Support
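
The double-NAT versus static-route choice raised in this thread, as an added example that is not part of either post: a small route-lookup model of the UTM 9 showing which source address it sees (and can log or filter on) and whether replies find their way back to the test LAN. It assumes /24 masks (the thread gives only interface addresses) and a constructed client 172.16.0.50; the function names are hypothetical.

```python
import ipaddress as ip

# Assumed /24 masks; the thread lists interface addresses only.
UTM_ROUTES = [
    ("0.0.0.0/0", "Eth01", "WAN gateway"),   # default route out the WAN
    ("192.168.0.0/24", "Eth02", None),       # home LAN, directly connected
    ("10.12.0.0/24", "Eth03", None),         # transit link to the XG
]
# Static route needed on the UTM when the XG does NOT masquerade.
TEST_LAN_ROUTE = ("172.16.0.0/24", "Eth03", "10.12.0.2")
XG_TRANSIT_IP = "10.12.0.2"


def lookup(routes, dst):
    """Longest-prefix match: return (interface, gateway) for dst."""
    dst = ip.ip_address(dst)
    matches = [(ip.ip_network(n), iface, gw) for n, iface, gw in routes
               if dst in ip.ip_network(n)]
    _, iface, gw = max(matches, key=lambda m: m[0].prefixlen)
    return iface, gw


def source_seen_by_utm(client, xg_masquerades):
    """Source address the UTM sees, logs and matches firewall rules on."""
    return XG_TRANSIT_IP if xg_masquerades else client


def reply_reaches_client(client, xg_masquerades, utm_has_static_route):
    """True if the UTM forwards the reply toward the XG (out Eth03)."""
    routes = UTM_ROUTES + ([TEST_LAN_ROUTE] if utm_has_static_route else [])
    iface, _ = lookup(routes, source_seen_by_utm(client, xg_masquerades))
    return iface == "Eth03"


if __name__ == "__main__":
    client = "172.16.0.50"  # constructed test-LAN host
    for nat, route in [(True, False), (False, False), (False, True)]:
        print(f"XG NAT={nat!s:5} UTM static route={route!s:5} "
              f"UTM sees {source_seen_by_utm(client, nat):12} "
              f"reply ok={reply_reaches_client(client, nat, route)}")
```

With NAT left on at the XG everything works but the UTM attributes all test traffic to 10.12.0.2; with NAT off, per-host rules and logs become possible on the UTM, but only once the 172.16.0.0 route via 10.12.0.2 exists there.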