I've successfully setup my first SSL VPN for remote access into my network, I can immediately access the listed first subnet, my internal infrastructure. However, I also want to be able to access two other subnets, they're listed in the SSL VPN profile…

I have two internet connections from two different ISPs. Let one be called X and the other be called Y. X and Y are separately connected to a firewall. I use X actively. I want Y to be active when X loses internet connection. Then, when X internet connection…

Hello volks, yesterday I stumbled over a weird new issue. It seems that our NAT masquerading rules are not applied when traffic matches a policy or multipath route (in interface mode). So I tried a traceroute with a port so the trace would match the…

Hi guys, I’m trying to NAT (or DNAT) Single WAN with multiple ports to Internal LAN IPs. Just wondering what’s the best way to do it. Example: WAN 40.12.34.56:1000 to 192.168.1.5 WAN 40.12.34.56:2000 to 192.168.1.6 WAN 40.12.34.56:3000 to 192…

Hello, Today i found something weird on my UTM logs, the client downloaded some files from Internet and i see the the traffic it show opposite direction, the download content should appear as Inbound traffic but below screenshot show totally wrong.…

Hello all 2 part question, We have 2 WAN connections on our UTM with uplink balancing enabled and at the moment all traffic had been configured to go through only one of the interfaces (don't ask, I didn't create this :)). I'm finding that our hypervisor…

Hi! Running an SSG330. I have a strange situation and I am a bit at my wits end. I have a subnet attached to a VLAN interface, which is applied on the Sophos LAN interface. I have setup masquerading for this subnet to the SSG330's External interface…

I realise i should probably looking to the VOIP phone support people, believe me i am on it, but after a recent firmware upgrade of an LG iPECS system what was previously working fine now works intermittently throuhg our Sophos SG UTM. Callers can't be…

Hi all, maybe a stupid question, but i'm struggling here... Our company has got their own domain let's call it: *.yummy.eat, now we've got an external partner hosting a subdomain, let's call it meat.yummy.eat From outside the company network, meat…

Hello dear members, quick question. I would like from A > Any > B also back again B > Any > A Explanation: I would like to be able to reach e.g. with my notebook A the notebook B by Ping and also vice versa. The aktiv Rule: At source it says:…

I`ve client who wants to route specific websites over IPsec tunnel connecting to Mikrotik router. I have done this on Mikrotik routers and its pretty simple there but in Sophos UTM 9 it seems like there is something specific that is required but im missing…

I have several subnets in my local network (for subtenants) and some spare ip addresses in my WAN ip class. I would like to change the outgoing public ip address for some of those local subnets (used by subtenant organizations) and let the rest of the…

Hi, I have several web servers running behind a single Sophos UTM, with two interface: - eth0 > external (x.x.x.7/26) with default GW (x.x.x.1) > Additional addresses > x.x.x.8/26 > x.x.x.9/26 > x.x.x.10/26 > etc - eth1 > internal (10…

For logistic reasons I have configured TWO DISTINCT Sophos UTM on my company: SOPHOS UTM1 (servers): - Internal network 172.16.11.111 (internet DNS server, File server, etc.) - DMZ1 (Internet authoritative DNS servers) - DMZ2 (FTP servers) …

Hello UTMers! Quick question for the geniuses here (I'm talking to you balfson!): What is the proper design of a country code exception that allows SMTP inbound and outbound from all countries? I have seen a bunch of posts on these forums...some say…

Dear all My provider recently enabled IPTV over Multicast. I did try it make it available on my network using Sophos UTMs PIM-SIM. I have worked out all messages on the firewall (IGMP Blocking) and PIM-SIM logs: it seems to connect to the RP. .. but…

Good Morning, i have cluster UTM SG310 with firmware version 9.509-3 WAN IP IS: 1.2.3.4 Additional Address: 1.2.3.5 Internal LAN: 192.168.0.100 MPLS Gateway: 192.168.0.15 Web Server: 192.168.5.19 (Under MPLS) Static Routing configured on…

The main network for the entire organization is 192.168. 168 .x That is VLAN 168 There is a management network on network 192.168. 150 .x That is VLAN 150 Members of the IT Group have workstations on the 168 network (as do all other computers…

Hello All! Does anyone know why a SNAT rule needs to be configured for Radius when sending the traffic over a IPsec connection? To my understanding IPsec should simply encapsulate the packet and send it out the of the WAN interface with a destination…

Hello, I have yet the configuration, that all my Internet Traffic is routed through VPN Router in DMZ. I have the following configuration: Interfaces LAN (Internal Network): 192.168.0.0 /24 DMZ (VPN Service) : 10.0.0..0 /8 WAN: 84.x.x.x …

Sophos UTM Configuration Interfaces External (WAN) 82.x.x.x DMZ 10.0.0.1 /8 Internal (LAN) 192.168.0.1 /24 Network Services - DNS - Global - Allowed Networks DMZ Network LAN Network Forwarders - DNS Forwarders Google DNS…

Hello Friends, I am a new to Sophose, i have sophose UTM9 is installed & company employees are able connect through the Sophose SSL VPN client to Office resource. Am able to ping to SSL VPN client machine & client machine is able to ping my machine…

Hello, as I already realized ist with SSL VPN, I like to send all client traffic via IPSec over the UTM. Does anyone have a sample configuration? Thanks

Hi, sorry, newbie question alert. Set-up UTM 9.502-4 running on "small" PC brick with 3 NICs (Eth0 is hardwired, Eth1 and 2 are USB <> Ethernet dongles) Eth0 (Management NIC) has 192.168.10.250 Eth1 (ISP interface) Eth2 (LAN interface) has…

Hi, I have SG125 currently with one Internet and one LAN network (192.168.5.x). I want to add an extra Internet link to the UTM and use this link for a different LAN (192.168.10.x) which has only camera connected to. The setup I want to do is -…