Hello!
I'm running Sophos UTM9 on ESXi; the VM is configured with 2 NICs, WAN and LAN.
From the ISP side we have two public /28 networks, for example 1.1.1.48/28 and 2.2.2.16/28.
WAN config:
IP 1.1.1.50
Mask 255.255.255.240
FW 1.1.1.49
On the LAN side Sophos is connected to the core switch. The switch performs inter-VLAN routing. Both are connected to a dedicated VLAN 254.
Sophos LAN IP - 192.168.254.1
Switch IP - 192.168.254.2
Users are placed in different VLANs:
vlan 100 - 192.168.1.0/24
vlan 200 - 192.168.2.0/24
vlan 300 - 192.168.3.0/24
After the basic setup I added to Sophos:
1. Static Route -> Network 192.168.0.0/16 -> Route to 192.168.254.2
2. Firewall Rule - Network 192.168.0.0/16 -> Any -> Any permit
3. NAT rules: vlan100 -> External (WAN), vlan200 -> External (WAN), vlan300 -> External (WAN)
All works fine.
Now I need to route each VLAN network to the internet via a dedicated public IP. For example:
192.168.1.0/24 via 1.1.1.51
192.168.2.0/24 via 1.1.1.52
192.168.3.0/24 via 2.2.2.19
I added an additional IP to the WAN interface and edited the NAT masquerading rule for vlan200:
192.168.2.0/24 -> Interface WAN -> use address 1.1.1.52
But traffic from this network is detected with public IP 1.1.1.50 (the WAN primary IP).
What am I doing wrong?
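The post above describes a per-VLAN source-NAT setup where the observed egress address is still the interface's primary IP. The following is an added, generic illustration (not Sophos UTM code, and not a diagnosis of this thread) of how first-match source NAT is evaluated and of two checks worth running against such a rule set: whether the translation address is actually configured on the egress interface, and whether a broader earlier rule shadows the specific one. The networks, addresses and the two rule orderings are constructed from the thread's example values; the 2.2.2.19 address is deliberately left off the WAN interface to show the first check firing.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

@dataclass
class SnatRule:
    src_net: ipaddress.IPv4Network          # traffic source to match
    out_if: str                              # egress interface name
    to_addr: Optional[ipaddress.IPv4Address] # None = masquerade to the interface's primary address

@dataclass
class Interface:
    name: str
    primary: ipaddress.IPv4Interface
    additional: List[ipaddress.IPv4Interface] = field(default_factory=list)

    def addresses(self) -> List[ipaddress.IPv4Address]:
        return [self.primary.ip] + [a.ip for a in self.additional]

def egress_address(rules: List[SnatRule], iface: Interface, src_ip: str) -> Tuple[str, Optional[int]]:
    """First-match source NAT (the usual semantics of a POSTROUTING-style chain).
    Returns (translated address as str, index of the matching rule) or (src_ip, None)."""
    src = ipaddress.IPv4Address(src_ip)
    for i, r in enumerate(rules):
        if r.out_if == iface.name and src in r.src_net:
            return (str(r.to_addr or iface.primary.ip), i)
    return (src_ip, None)

def check_rules(rules: List[SnatRule], iface: Interface) -> List[Tuple[int, str]]:
    """Flag rules whose translation address is not configured on the interface,
    and rules shadowed by an earlier rule covering a superset of their source network."""
    problems = []
    for i, r in enumerate(rules):
        if r.to_addr is not None and r.to_addr not in iface.addresses():
            problems.append((i, f"{r.to_addr} is not configured on {iface.name}"))
        for j in range(i):
            e = rules[j]
            if e.out_if == r.out_if and r.src_net.subnet_of(e.src_net):
                problems.append((i, f"shadowed by rule {j} ({e.src_net})"))
    return problems

# Constructed data, using the thread's example values. 2.2.2.19 is intentionally
# NOT added as an interface address so that check_rules() reports it.
WAN = Interface(
    "WAN",
    ipaddress.IPv4Interface("1.1.1.50/28"),
    [ipaddress.IPv4Interface("1.1.1.51/28"), ipaddress.IPv4Interface("1.1.1.52/28")],
)

# Hypothetical ordering A: a broad masquerade rule precedes the specific one.
RULES_SHADOWED = [
    SnatRule(ipaddress.IPv4Network("192.168.0.0/16"), "WAN", None),
    SnatRule(ipaddress.IPv4Network("192.168.2.0/24"), "WAN", ipaddress.IPv4Address("1.1.1.52")),
]

# Hypothetical ordering B: specific rules first, broad masquerade as the fallback.
RULES_ORDERED = [
    SnatRule(ipaddress.IPv4Network("192.168.1.0/24"), "WAN", ipaddress.IPv4Address("1.1.1.51")),
    SnatRule(ipaddress.IPv4Network("192.168.2.0/24"), "WAN", ipaddress.IPv4Address("1.1.1.52")),
    SnatRule(ipaddress.IPv4Network("192.168.3.0/24"), "WAN", ipaddress.IPv4Address("2.2.2.19")),
    SnatRule(ipaddress.IPv4Network("192.168.0.0/16"), "WAN", None),
]

if __name__ == "__main__":
    for name, rules in (("shadowed", RULES_SHADOWED), ("ordered", RULES_ORDERED)):
        print(name, "192.168.2.10 ->", egress_address(rules, WAN, "192.168.2.10"))
        for idx, msg in check_rules(rules, WAN):
            print(name, f"rule {idx}: {msg}")
```

With ordering A a host in 192.168.2.0/24 leaves with 1.1.1.50 because the /16 masquerade rule matches first; with ordering B it leaves with 1.1.1.52, and the only finding is that 2.2.2.19 would need to be configured on WAN (and routed to it by the ISP) before the vlan300 rule can use it.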