
UTM Home - Set up with existing Cable modem and WLAN router

Hi there, I seek advice on how to set up a UTM behind an existing Archer C7 WLAN router, which is connected to the WAN of an existing cable modem (no special functions like WLAN, it just provides internet and is connected with an Ethernet cable to the WLAN router).

I would like to try out the UTM, which I will install on a spare PC that has a built-in NIC and, if necessary, an additional USB to RJ45 adapter.

My goal is to have all the traffic from all my devices routed through the UTM instead of through the WLAN router. I have plenty of WLAN devices and some LAN devices. How can I configure the WLAN router in order to keep using it for WLAN? I do not want to replace it with an additional AP, because the WLAN signal and speed of the Archer C7 WLAN router are quite good.

Can I turn off the DHCP server on the WLAN router and have it enabled in the UTM, so that the WLAN devices connect to the WLAN router but have their traffic routed through the UTM?

The WLAN router has the following functions: DHCP server, DynDNS login, static reservation of IP addresses via MAC address, and then the standard NAT function and the basic "firewall" functions that are built into the normal TP-Link routers.



  • There are several things you can do; however, using a USB to RJ45 adapter will most likely not work due to a lack of drivers inside UTM.

    If you want to keep your current router and you would like the wireless clients to be protected by UTM, you need to place the UTM in between the cable modem and your current router. You can choose to use the UTM as a separate router/firewall (that does NAT from outside to inside), but then you will have double NAT, which can bring some trouble depending on the services you would like to use (i.e. VPN).

    If you can set up your current router as a bridged connection (and still keep WLAN), then you can disable DHCP and all connected devices will get an IP address from the UTM's DHCP scope (it must be set up, of course).

    What you could also do is place the UTM behind the current router and connect all fixed devices behind the UTM. In this case however your wireless clients will not be protected by the UTM, but they are completely separated from the fixed devices.

    So quite a lot of possibilities depending on what you want, but the best setup IMHO is to use the UTM as the first device behind the cable modem.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Hi, thank you for your reply. You wrote:

    If you can setup your current router as a bridged connection (and still keep WLAN), then you can disable DHCP and all connected devices will get an IP-address from the UTM's DHCP-scope (it must be set-up of course).

    Does that mean that the connected WLAN devices would also be protected by the UTM if I went this way?

  • Chris Jones9 said:

    Hi, thank you for your reply. You wrote:

    If you can setup your current router as a bridged connection (and still keep WLAN), then you can disable DHCP and all connected devices will get an IP-address from the UTM's DHCP-scope (it must be set-up of course).

    Does that mean that the connected WLAN devices would also be protected by the UTM if I would go this way?

    Yes, correct, since the UTM will be between your cable modem and your router, so all traffic will also need to travel through the UTM.



  • No, I meant if I put the UTM after the router, on a free LAN port of the router.

    But that makes sense, that I put the UTM before the router. I just have to figure out the correct settings and setup (my first UTM playground...).

  • The easiest setup to start with is to have the UTM completely transparent in between the cable modem and your current router (bridged in between). That is also how it will sometimes be implemented during a Proof of Concept phase where the UTM's primary function is to NOT interfere with the current setup where it can still monitor and report about the traffic.



  • apijnappels said:

    The easiest setup to start with is to have the UTM completely transparent in between the cable modem and your current router (bridged in between). That is also how it will sometimes be implemented during a Proof of Concept phase where the UTM's primary function is to NOT interfere with the current setup where it can still monitor and report about the traffic.

    Thank you for your reply, I will try to set up the UTM and my network accordingly.

  • Unfortunately, my setup does not work.

    I have set the UTM directly between the cable modem (which provides me with a dynamic IP address from my ISP) and my Archer C7 WLAN router.

    I then bridged eth0 (LAN) and eth1 (WAN) on the UTM, and I see that eth1 gets an external IP from my ISP. First, I set up eth1 as a normal Ethernet connection with no bridge, and it got the external IP; then I bridged it with eth0, and it says that br0 has been created with the two NICs, and I still see the external IP in that eth1 dialog.

    I deactivated the DHCP server on my WLAN router and plugged the bridged UTM eth0 port into the WLAN router, and eth1 of the UTM is connected to the cable modem, obviously.

    I cannot get any device that is connected to the WLAN router to have access to the internet; there is always that yellow exclamation mark on the network icon in the Windows task bar. The IP of the clients is correctly assigned via the DHCP server on the UTM (IP 192.168.0.50, subnet 255.255.255.0, GW 192.168.0.8 (internal network)).

    On the other hand, if I try to connect my laptop directly to the eth0 port of the UTM, it also has no connection to the internet. I can access all my internal devices like my NAS.

    But I cannot even ping or DNS-resolve web site addresses in the UTM menu Support > Tools, so I guess my problem has something to do with the internal routing?

    The UTM is freshly installed and set up with the installation wizard; the default firewall rules apply (internal devices allowed to connect to the outside), the masquerading is set up as default, for internal LAN --> external WAN. There is no NAT rule applied.

    The DHCP server is set up, and the DNS settings are: internal network for DNS reverse and empty settings for the DNS forwarder (there are 2 DNS entries shown, provided by the ISP). I also have an internal DNS forwarder for ad blocking (Pi-hole) that I have not yet integrated into my setup.

    I also tried to add the permission to the firewall rule "any IP --> any service --> any IP" when in bridge mode, still with no success.

    The UTM works internally but does not communicate with the outside world, although it gets the ISP IP. Oh, and I get firewall log entries from the outside, hammering on my external IP and being blocked; there was even an SSH login attempt.

    Any clues?

  • Did you define a masquerading rule?

    Network Protection / NAT / Masquerading

    Internal_port2 is the LAN network (not the address or broadcast object, but the network object). And the interface is the internet/WAN-facing interface.

  • Jay Jay said:

    Did you define a masquerading rule?

    Network protection/Nat/masquerading

    Internal_port2 is the lan network (not address or broadcast object, but network object). And interface is internet/wan pointing interface.

    Hi Jay Jay,

    that masquerading rule is set up by default if I am not wrong. There is a default rule that says "internal network --> external network (WAN)".

  • No need to quote when replying to a post directly above.

    Yes, that is a default rule if you went through the setup wizard.

    The next step to check is the interfaces. That is, is your WAN interface getting a public IP/gateway?

    If it is not getting an IP for external_wan, you need to figure out why.
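The replies above boil down to three checks on the UTM itself: does the WAN interface have a public address and a default gateway, and is the LAN network masqueraded out of that interface. The script below is an added example, not code from the thread or from Sophos; it runs the checks from the UTM's root shell using the Linux tools the appliance is built on (ip, iptables). The interface name eth1, the LAN 192.168.0.0/24 and a masquerade rule living directly in the nat POSTROUTING chain are assumptions taken from the poster's description; adjust them via WAN_IF and LAN_NET. Each check is a function that takes the command output as text, so it can also be run against saved output from another box. A private address on the WAN side is reported separately, because it means the device upstream is still routing and the UTM is sitting behind a second NAT.

```shell
#!/bin/sh
# Added diagnostic helper (example code, not Sophos UTM's own tooling).
# Assumed names: WAN_IF=eth1 and LAN_NET=192.168.0.0/24, from the thread.

WAN_IF="${WAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.0.0/24}"

# Check 1: is there a default route? Argument: output of `ip route show`.
has_default_route() {
    printf '%s\n' "$1" | grep -q '^default via '
}

# Gateway address of the default route, empty string if there is none.
default_gateway() {
    printf '%s\n' "$1" | awk '/^default via/ { print $3; exit }'
}

# Check 2: is the address on the WAN side public? Private (RFC 1918),
# CGNAT (100.64/10), link-local and loopback all mean the modem still NATs.
is_public_ip() {
    case "$1" in
        10.*|192.168.*|169.254.*|127.*)                          return 1 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*)                   return 1 ;;
        100.6[4-9].*|100.[7-9][0-9].*|100.1[01][0-9].*|100.12[0-7].*) return 1 ;;
        *)                                                       return 0 ;;
    esac
}

# Check 3: is LAN_NET ($2) masqueraded out of WAN_IF ($3)?
# Argument 1: output of `iptables -t nat -S POSTROUTING`.
# `--` keeps grep from reading the leading "-s" as an option.
has_masq_rule() {
    printf '%s\n' "$1" | grep -q -- "-s $2 .*-o $3 .*-j MASQUERADE"
}

# Gather live data from the running system and report each check.
run_checks() {
    routes=$(ip route show 2>/dev/null || true)
    nat=$(iptables -t nat -S POSTROUTING 2>/dev/null || true)
    wan_ip=$(ip -4 -o addr show dev "$WAN_IF" 2>/dev/null | awk '{ print $4 }' | cut -d/ -f1)

    if has_default_route "$routes"; then
        echo "ok:   default route via $(default_gateway "$routes")"
    else
        echo "FAIL: no default route; $WAN_IF received no gateway from the ISP"
    fi

    if [ -z "$wan_ip" ]; then
        echo "FAIL: $WAN_IF has no IPv4 address"
    elif is_public_ip "$wan_ip"; then
        echo "ok:   $WAN_IF has public address $wan_ip"
    else
        echo "WARN: $WAN_IF has private address $wan_ip; the upstream device still NATs (double NAT)"
    fi

    if has_masq_rule "$nat" "$LAN_NET" "$WAN_IF"; then
        echo "ok:   $LAN_NET is masqueraded out of $WAN_IF"
    else
        echo "FAIL: no MASQUERADE rule for $LAN_NET on $WAN_IF"
    fi
}

# Only touch the live system when explicitly asked: sh utm-checks.sh --run
if [ "${1:-}" = "--run" ]; then
    run_checks
fi
```

Run it as root on the UTM with `--run`. A FAIL on the first check matches the symptom in the thread (the box has an address but cannot reach anything outside), and a WARN on the second check is the double-NAT situation the first reply warns about.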