My apologies if this has been asked before; I've been searching through the forums for a while now and can't find an answer to it.
We have a client that has a /29 coming in from their ISP.
We are using the 1st available IP for all of their network traffic.
We would like to use the last available IP to go to the router provided by one of their vendors. The vendor's firewall is configured to use the last public IP and has the gateway set as the next hop (internet provider's demarc equipment, which is the same default gateway we are using).
Sometimes in these situations we would just use a small switch or an isolated 3 port VLAN from the existing network gear to allow both routers to access the demarc equipment directly at the network edge. However, in this case we can't do that because of 'reasons'.
There seem to be a few ways to do this in the Sophos UTM. Right now I'm leaning towards changing the External (WAN) interface on the Sophos UTM into an Ethernet Bridge, adding another one of the interfaces from the Sophos to the bridge, and then having the vendor hook up the WAN side of their router to the additional port that is a member of the bridge.
Is this the correct way to handle this situation? We don't care about QoS/throttling; we just don't want to have to try some weird setup that will double-NAT the traffic. Is there a way to do this using the 'Additional Addresses' in the Sophos UTM instead?
Thanks