After some help.
I currently have a UniFi USG as my router. I would like to introduce a Sophos UTM as the USG is very underpowered for IPS and is missing some of the functions of the UTM.
So I just want to check my config.
Fibre modem --> Sophos UTM --> USG --> switch etc
The Sophos UTM WAN port is set up as PPPoE, Sophos UTM LAN port - static IP 10.0.0.2/31
USG WAN port - static IP 10.0.0.1/31, USG LAN port set up with 3 subnets/VLANs.
On the USG I have disabled NAT, so the Sophos UTM should see all devices. - not sure how I confirm this?
Created the 3 VLANs on the Sophos UTM under Network definitions.
Created a static route on the UTM. All subnets on the USG --> USG WAN port 10.0.0.1
DNS - Allowed all the Subnets on USG to use the system as a DNS resolver
Firewall - created a rule to Allow - All --> Any --> All (just for testing)
NAT Masquerading - create a rule - Any --> WAN Interface on UTM
I also created NAT rules to port forward from the Internet to my web server.
Does this all sound right? How do I know if the NAT on the USG is disabled, should the devices show in the UTM?
Also I have set up a management interface on the UTM which connects to my switch. It seems that any traffic accessing the internet from the same VLAN as the management VLAN goes out through the management interface rather than to the USG and then to the UTM.
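The two questions in the post (is the USG still translating, and why does the management VLAN bypass the USG) can both be checked from the UTM side. The script below is an added example written for this thread, not the poster's configuration or any Sophos or Ubiquiti tooling. It takes the /31 link addresses (10.0.0.1 on the USG, 10.0.0.2 on the UTM) from the post; the three VLAN subnets, the interface names and the capture lines are constructed placeholders, shaped like `tcpdump -ni <interface> ip` output taken on the UTM's LAN-facing interface. The first function classifies source addresses: a VLAN address can only reach the UTM untranslated if the USG's NAT is off, whereas seeing only 10.0.0.1 means either NAT is on or only the USG's own traffic was captured. The second function shows the route selection that explains the management-VLAN symptom: a directly connected interface in that VLAN beats the static route that points the same subnet at the USG.

```python
"""Checks for the Fibre -> Sophos UTM -> USG design described in the post.

Addresses on the /31 link come from the post. VLAN subnets, interface names and
the sample capture lines are constructed for this example.
"""
import ipaddress
import re

USG_WAN_IP = ipaddress.ip_address("10.0.0.1")   # USG WAN side of the /31 (from the post)
UTM_LAN_IP = ipaddress.ip_address("10.0.0.2")   # UTM LAN side of the /31 (from the post)
# The post does not name the three VLAN subnets; these are assumed placeholders.
VLAN_SUBNETS = [ipaddress.ip_network(s) for s in
                ("192.168.10.0/24", "192.168.20.0/24", "192.168.30.0/24")]

# Constructed capture, as seen on the UTM LAN interface when the USG does NOT translate:
# VLAN hosts appear with their own addresses; 10.0.0.1 is the USG's own NTP query.
CAPTURE_NAT_OFF = """\
10:00:01.000100 IP 192.168.10.25.51234 > 93.184.216.34.443: Flags [S], seq 1, win 64240, length 0
10:00:01.000200 IP 192.168.20.7.41000 > 10.0.0.2.53: 12345+ A? example.com. (29)
10:00:01.000300 IP 192.168.30.3 > 1.1.1.1: ICMP echo request, id 7, seq 1, length 64
10:00:01.000400 IP 10.0.0.1.123 > 129.6.15.28.123: NTPv4, Client, length 48
"""
# Constructed capture when the USG still masquerades: every flow arrives as 10.0.0.1.
CAPTURE_NAT_ON = """\
10:00:01.000100 IP 10.0.0.1.51234 > 93.184.216.34.443: Flags [S], seq 1, win 64240, length 0
10:00:01.000200 IP 10.0.0.1.41000 > 10.0.0.2.53: 12345+ A? example.com. (29)
10:00:01.000300 IP 10.0.0.1 > 1.1.1.1: ICMP echo request, id 7, seq 1, length 64
"""

# tcpdump prints "IP src[.port] > dst[.port]"; capture the source address only.
_SRC_RE = re.compile(r" IP (\d+(?:\.\d+){3})(?:\.\d+)? > ")


def parse_sources(capture: str) -> list:
    """Return the source IPv4 address of every IP line in the capture text."""
    return [m.group(1) for line in capture.splitlines() if (m := _SRC_RE.search(line))]


def classify_usg_nat(capture: str) -> dict:
    """Decide from observed source addresses whether the USG is translating."""
    counts = {"vlan": 0, "usg_wan": 0, "other": 0}
    for src in parse_sources(capture):
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in VLAN_SUBNETS):
            counts["vlan"] += 1          # untranslated VLAN host: NAT is off for this flow
        elif addr == USG_WAN_IP:
            counts["usg_wan"] += 1       # translated flow, or the USG's own traffic
        else:
            counts["other"] += 1
    if counts["vlan"]:
        verdict = "nat_disabled"
    elif counts["usg_wan"]:
        verdict = "nat_enabled_or_usg_own_traffic"
    else:
        verdict = "no_matching_traffic"
    return {"verdict": verdict, "counts": counts}


# Assumed UTM routing table: a connected interface inside the management VLAN
# (192.168.30.0/24 here) alongside the static routes that send all VLANs to the USG.
# Administrative distances follow the usual convention: connected 0, static 1.
UTM_ROUTES = [
    {"prefix": "192.168.30.0/24", "via": "connected", "iface": "mgmt", "distance": 0},
    {"prefix": "192.168.10.0/24", "via": "10.0.0.1", "iface": "lan", "distance": 1},
    {"prefix": "192.168.20.0/24", "via": "10.0.0.1", "iface": "lan", "distance": 1},
    {"prefix": "192.168.30.0/24", "via": "10.0.0.1", "iface": "lan", "distance": 1},
    {"prefix": "0.0.0.0/0", "via": "pppoe", "iface": "wan", "distance": 1},
]


def select_route(dst: str, routes=UTM_ROUTES) -> dict:
    """Longest-prefix match; equal prefixes are decided by lowest administrative distance."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in ipaddress.ip_network(r["prefix"])]
    return max(candidates,
               key=lambda r: (ipaddress.ip_network(r["prefix"]).prefixlen, -r["distance"]))


if __name__ == "__main__":
    print("NAT off sample:", classify_usg_nat(CAPTURE_NAT_OFF))
    print("NAT on sample: ", classify_usg_nat(CAPTURE_NAT_ON))
    # Replies to a management-VLAN host leave via the connected interface, not the USG.
    print("route to 192.168.30.44 ->", select_route("192.168.30.44")["iface"])
    print("route to 192.168.10.44 ->", select_route("192.168.10.44")["iface"])
```

To use it against a real capture, paste a few lines from `tcpdump -ni <utm-lan-interface> ip` taken on the UTM while a VLAN host browses, and replace the placeholder subnets with the real ones. The route lookup also shows the condition for "NAT off" to work at all: the UTM needs the static route back to the VLANs via 10.0.0.1 that the post already describes, and any VLAN the UTM is also directly connected to will answer over that connected interface instead.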