
ISP public network to Sophos WAN Port

Hi, I'm just about to break my head and cannot get on.

I want to use the network of my provider for web servers and other devices on the Sophos SG 210. Unfortunately, I cannot build a kind of public DMZ.

I have a network on my FC WAN port, for example: 1.1.1.0/27

The gateway at the provider is 1.1.1.1/27. My Sophos has 1.1.1.2/27. Internet itself works too.

Now I would like to assign the IP 1.1.1.3/27 to another device that should be externally reachable. It is, for example, directly connected to ETH4.

How do I configure the Sophos so that it passes this through 1:1 or routes it?



  • What about adding 1.1.1.3 as an additional IP on the external interface and then using this additional address in a DNAT rule to forward traffic to the desired host?


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Hi, thank you for the feedback. But that is the purpose of the story. I do not want to have a NAT in between. These are devices such as a SIP PBX or a VPN gateway router.

  • Then you could bridge the external interface with another interface, connect a device to the bridged port and configure the right IP.



  • Thank you so much! That helped me. :)

    How is it when I get assigned a new network from my ISP? Where do I enter the new network? Under additional addresses?

  • No, once you bridge your external interface with another and connect other devices to the bridged interface, you have to edit the other devices' IP settings on the device itself. It's just as if the UTM's bridged ports have become a mini-switch.

    However, you do need to add firewall rules; since traffic is traveling between interfaces, firewall rules are needed!



  • Namaste Singh Varinder and welcome to the UTM Community!

    It sounds like what you want is a "transfer network."  Say your public IP is 217.41.31.21 and your ISP gives you a subnet like 217.41.31.128/29.  Ask your ISP to route that subnet to your primary address and then make an interface named "DMZ" with 217.41.31.128/29 on another NIC.  Now, you can have servers defined with 217.41.31.129-135 IPs that are protected by your firewall and IPS.  You now only need to make a firewall rule like 'Internet IPv6 -> Web Surfing -> DMZ (Network) : Allow'.  WebAdmin configures the routes automatically.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA