This discussion has been locked.

Access to WEBADMIN UTM on Local Area Network

Greetings,

What do I need to do to access WEBADMIN which does not sit on the local network? 

Everything works on the UTM 9 .. it's great, but every time I need to configure, I have to physically connect to the box directly.. Bummer.

Basically it's like this: WiFi & LAN router, DHCP 192.168.1.x; everyone connects here. The WAN side of this WiFi router connects to the UTM 9 firewall by DHCP.

Webadmin is on 90.0.0.250 (static IP); DHCP serves 1 IP address (90.0.0.251).

FIBER AT&T External WAN  (Dynamic IP).

 

 

 



  • Hi Fausto and welcome to the UTM Community!

    I don't understand.  Perhaps you could show us a simple, stick diagram with IPs and tell us what IP you're coming from when you want to login.  And are you trying to login to WebAdmin or to the command line?

    Cheers - Bob
    PS Please don't use an anonymizing proxy to participate here.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • This is what I had configured:

    Web-Admin is only available on 90.0.0.250. Every time I needed to configure Web-admin, I had to physically go to the appliance and connect directly to it. Of course, 90.0.0.250 does not resolve in a 192.168.x.x subnet, so I asked how can I get access to it? DNS? NAT forwarding, etc. I did not like the answer.

    What I did was add another Ethernet interface (USB/ether DONGLE), which now physically connects to the high-speed WiFi router (it also has LAN ports).

    Now I have access to Web-admin from my LAN (after I updated the Web-admin settings in Allowed Networks with the new network interface that is connected locally).

  • Ola Fausto,

    Like Bob, me neither; I don't get your intention in setting things up like you did.

    Sorry, I don't want to be impolite, but to me, this is complete nonsense in terms of IP and routing.

    Questions to get things straight:

    Where does the IP 90.0.0.250 come from? Did you "invent" this?

    What is your external IP? (Shouldn't be too confidential to provide this info here)

    Is that "Cable Modem" really a Modem, is it bridging, or is it routing?

    Do you have a single public IP or did they give you a network? Please give exact details here, so that we can advise you.

    Regards,

    Philipp

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • The intention is: protect my internal network, WiFi and LAN, by means of a firewall. I choose what ports and applications need access. That's it.

    This is what I had:

    CABLE MODEM: feeds an IP ADDRESS to the WAN PORT OF MY DLINK HI-SPEED ROUTER, which is then my external IP address.

    I installed, using an INTEL ITX MB with dual Ethernet, your UTM 9 firewall in between my CABLE MODEM AND THE WAN PORT OF MY DLINK HI-SPEED ROUTER.

    I told UTM 9 to give this IP address (90.0.0.251) to the WAN of the DLINK. In order to do that, I had to set the internal Ethernet to a STATIC IP; I used 90.0.0.250 and turned on DHCP to serve ONE IP address, which is 90.0.0.251, which my ROUTER'S WAN LISTENS TO, hence it's set to DYNAMIC.

    After the configuration of UTM 9, I pass my router's WAN TRAFFIC (90.0.0.251) === UTM9 ===> EXTERNAL IP ADDRESS, protecting all of my devices on my home LAN and WIFI.

    My internal IP addresses are here: 192.168.1.x, served by the DHCP server built into the DLINK-ROUTER. I cannot access WEB-ADMIN (90.0.0.250). So what I did is add another Ethernet port, gave it an IP not used in my internal network (192.168.1.254), ran an Ethernet cable from this new Ethernet to the DLINK ROUTER, updated the WEB-ADMIN settings and now I can access WEB-ADMIN from my internal network.

    MY original statement was: how can I access WEB-ADMIN from my internal network when UTM9 is on another? The answer I got was not acceptable, so I did the above.

  • Bob, do you get it?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Do you want to get on a WEB EX?

    I will show you.

  • Hello Fausto,

    is THIS your setup at the moment?

    Regards from Germany,

    Philipp

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Yes! You got it.

    Then what I did: I went from the UTM firewall eth2 "192.168.1.254" to DLINK LAN 1-4. Now I have access to web-admin.

  • Hello Fausto,

    what's the reason to use that DLINK at all?

    Is this for WiFi?

    Is it that you don't have a LAN-switch at home?

    Regards from Germany,

    Philipp

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • It's one of those high-end dual band wifi 1200mbs, with 8 1gig ports, QOS, VPN .etc...etc. extended range.  I game and stream. My cable is 1gb speed

  • OK, I see.

    Is that WiFi network bridged to the LAN? I mean, do you have the same network addresses on both segments?

    What disturbs me is that pseudo public IP you are using as a transfer net between DLINK and the UTM.

    I know that you did this to avoid having configuration effort with the DLINK, because it expects a public IP on the WAN side. I guess it auto-establishes a NAT between LAN and WAN and sets a default route for all LAN members to the WAN interface as gateway. Right?

    Funny enough, the 90.0.0.250 and 90.0.0.251 seem not to have been given out to the public yet. Lucky you.

    Personally, I would reconfigure the DLINK to act as a local gateway without doing NAT. You would have to assign an IP like 192.168.2.1 /24 to the "WAN" interface of the DLINK and 192.168.2.254 /24 to the "internal" eth0 of the Sophos. Then 192.168.2.254 is your GW to the internet. Let the DHCP server inside the DLINK give out addresses to WiFi and LAN with the Sophos as GW and DNS. On the Sophos, set up a route to your 192.168.1.0 /24 network behind the DLINK with 192.168.2.1 as the GW. That's it.

    Now you have the Sophos doing the NAT-part and can gain control with firewall/NAT-rules over this.

    The Sophos would do the DNS resolving and forwarding, use the DNS cache to speed things up and so on.

     

    Regards from Germany,

    Philipp

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.
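
Added example, not part of any post in this thread: a Python check of the routed layout proposed in the reply above. With NAT off on the D-Link, the UTM sees the 192.168.1.x client addresses themselves, so it needs the route back and WebAdmin's Allowed Networks must cover that subnet. The client address 192.168.1.50 and the `wan-default` label are assumptions; the other addresses are the ones quoted in the thread.

```python
import ipaddress as ip

# Constructed model; addresses are those quoted in the thread, except the
# client address and the "wan-default" label, which are assumptions.
ORIGINAL_INSIDE = ["90.0.0.250", "90.0.0.251"]
PROPOSED_ROUTES = [                      # UTM routing table: (network, gateway)
    ("192.168.2.0/24", None),            # eth0 192.168.2.254, directly connected
    ("192.168.1.0/24", "192.168.2.1"),   # static route to the LAN behind the D-Link
    ("0.0.0.0/0", "wan-default"),        # dynamic ISP uplink
]

def non_private(addrs):
    """Inside-interface addresses that fall outside private address space."""
    return [a for a in addrs if not ip.ip_address(a).is_private]

def next_hop(routes, dst):
    """Longest-prefix match; returns the gateway, or 'direct' if connected."""
    dst = ip.ip_address(dst)
    hits = [(ip.ip_network(n), gw) for n, gw in routes if dst in ip.ip_network(n)]
    if not hits:
        return "unreachable"
    return max(hits, key=lambda h: h[0].prefixlen)[1] or "direct"

def webadmin_problems(client, routes, allowed_networks, lan_gateway):
    """Reasons a routed (un-NATed) LAN client would fail to reach WebAdmin."""
    problems = []
    hop = next_hop(routes, client)
    if hop != lan_gateway:
        problems.append(f"replies to {client} go via {hop}, not {lan_gateway}")
    if not any(ip.ip_address(client) in ip.ip_network(n) for n in allowed_networks):
        problems.append(f"{client} is not inside any Allowed Networks entry")
    return problems

if __name__ == "__main__":
    print(non_private(ORIGINAL_INSIDE))
    # Proposed plan with the static route and the LAN in Allowed Networks.
    print(webadmin_problems("192.168.1.50", PROPOSED_ROUTES,
                            ["192.168.1.0/24"], "192.168.2.1"))
    # Same plan with the static route forgotten and only the transfer net allowed.
    no_route = [PROPOSED_ROUTES[0], PROPOSED_ROUTES[2]]
    print(webadmin_problems("192.168.1.50", no_route,
                            ["192.168.2.0/24"], "192.168.2.1"))
```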
