Help. Interface loopback to receive fixed IPs from Internet Provider.

Hi Omar Zagnoli 

You may configure an additional address for the interface and see if that works. It does for other users with the requirement you have. You may check this video https://www.youtube.com/watch?v=0w2kCp7gn34 or please checkout page 159 om this Administration Guide: https://docs.sophos.com/nsg/sophos-utm/utm/9.6/pdf/en-us/administration-guide-9.600.pdf. Hope this helps.

Hi Omar Zagnoli 

You may configure an additional address for the interface and see if that works. It does for other users with the requirement you have. You may check this video https://www.youtube.com/watch?v=0w2kCp7gn34 or please checkout page 159 om this Administration Guide: https://docs.sophos.com/nsg/sophos-utm/utm/9.6/pdf/en-us/administration-guide-9.600.pdf. Hope this helps.

Thanks for the answer. 
Unfortunately it is not that simple.
I've already tried this solution.
As I understand, the provider will inject / provide the public IP addresses (138.121.x.x) using the loopback interface configured with private addresses (10.255.x.x).
It's necessary to create a kind of uplink / VLAN between Sophos UTM and the provider's internal network (10.x.x.x) so that it can inject / provide the public IP addresses.

Any configuration ideas?

Olá Omar,

Please show us pictures of the Edits of how you tried Jaydeep's suggestion.

Cheers - Bob

Hi Bob,

well...

I'll give you more information to make the situation as clear as possible.

I am changing the internet link connected in a Sophos UTM that is on the other side of the Ocean. I'm in Portugal while Sophos UTM is in Brazil.

I am using the old internet link to configure the new link, which is already connected in Sophos UTM. Because of this, I set up both links in uplink balancing.

When the new link is set up and active, I will disable uplink balancing and leave only the new link to work.

The interface configuration is as follows:


In addition I added both public addresses to the interface:

And I set up uplink balancing:


The uplink state is:
 

The interface status is:


I've already deleted and reconfigured the new link interface and additional addresses without result.

The link may not work for some reason linked to uplink balancing but I cannot disable the old link because I am connecting in Sophos UTM through it and if the configuration on the new link doesn't work, I will leave the company down without being able to reconnect and reconfigure.

I'm studying the possibility of connecting to the company through a different internet connection (a simple VDSL) using TeamViewer on a company computer and from there access the UTM.

In your opinion should this interface configuration work?

Thanks, I'm a visual-tactile learner and need to see pictures and diagrams to get an intuitive feel for things.

If the UTM is configured to allow ICMP/pinging, then I think you will also need to configure OSPF and, probably, BGP.  Please show a picture of the 'ICMP' tab in 'Firewall'.

Cheers - Bob

Hi Bob,

Here it is:

If also selecting 'Allow ICMP on gateway' doesn't resolve this for you, Omar, I bet you'll need to configure OSPF/BGP.  My guess is that your ISP is querying to see if your connection is active and does not receive an answer and so does not route those public IPs to you.  If it is receiving an answer, then my guess is that you're stuck with OSPF/BGP.  Who is the ISP?

Cheers - Bob

Hi Bob,

http://vilalink.com.br/

It's a relatively new internet provider. He provided me with a fiber optic connection to UTM.

The old provider gave me the public IPs directly, but I had to install their edge router in front of UTM. 
In this case the link goes straight into UTM.

So I need UTM to play the role of edge router.

The question is: does Sophos UTM have the necessary features for this type of connection?

I was able to connect to a machine in the company through TeamViewer using a VDSL line.

This way I am able to connect to UTM without going through the link.

So now I have more freedom to test settings, shut down interfaces, etc.

Honestly I'm thinking of having the ISP install their edge router (if possible configured as a bridge) in front of UTM to get the link and public IPs.
I don't like this kind of redundancy ... I think it's unnecessary ... but if I can't configure UTM to deal directly with the link I will have to go down to appointments with the Provider.

If anyone has any ideas ... will be welcome.

Using the ISP's edge router will be cheaper than paying a consultant to configure this for you, Omar.  This is just not something that has been discussed here before.

Cheers - Bob

Hi Bob,

I reached an agreement with the internet provider.

He directly provided me with the public IPs to configure on the UTM WAN interface.Here's what the WAN interface.

Here's what the WAN interface configuration looks like:

Now the configuration is pretty much identical to the one being used with the old link.
The only difference is that in the old link there was an edge router in front of my UTM while now the provider link arrives directly inside the UTM.
Since I am not communicating with the Internet and I am not able to ping the public IPs configured on the WAN interface from the Internet here is the question:
In the old link it was not necessary to create a static route.
In this case I need to create a static route? what kind? interface or gateway?