
UTM not seeing any traffic from new interface

I've added an additional interface to our UTM to set up a DMZ. I am unable to get the UTM to acknowledge any traffic on this new interface.

Clients in the DMZ network can communicate with each other, but cannot ping the UTM's interface IP, cannot get access to the Internet, and do not show up at all in the packetfilter.log.

The existing Internal network interface has worked for many years without issue.

UTM interfaces

  1. Internal - 192.168.0.1/24
  2. Internet - ISP assigned public IP
  3. DMZ - 10.225.0.1/29

UTM Configuration

  • Interfaces & Routing
    • Static Routing
      • Interface route > DMZ Network (10.225.0.0/29)
  • Network Protection
    • Firewall
      • DMZ (Network) > Any > Internet IPv4
    • NAT
      • Masquerading
        • DMZ (Network) > Internet Interface

I thought with the DMZ interface and Static Interface Route I would immediately see something, but no matter what changes I've made the UTM just seems to act as if the DMZ interface doesn't even exist.

Anyone have any insight? Am I missing something obvious required to allow traffic from a new interface to interact with the UTM?



This thread was automatically locked due to age.
  • FormerMember

    Hi,

    Thank you for reaching out to Sophos Community.

    UTM interfaces

    1. Internal - 192.168.0.1/24
    2. Internet - ISP assigned public IP
    3. DMZ - 10.225.0.1/29

    Is DMZ network configured on eth2 interface and connected with a separate switch?

    If it's on physical interface eth2 then there’s no need of adding a static route.

    Firewall and masquerading rule configuration seem ok. Please add DMZ network under Network Services > DNS > Allowed Networks.

    Also please share a rough diagram of your network setup and post a snapshot of interface configuration as well.

  • Just clarifying here:  Is this a new network card that you added, or just enabled what you already had?

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Amodin has the good question.  I suspect that the driver in use for the eth4 NIC is not the one you want.  The Installation process for the UTM only loads drivers for the devices it sees.  If you add a device that is not identical to an existing one, you must re-install the software.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • It is a new NIC added. Our Sophos UTM runs in Hyper-V, so this was a new virtual NIC. eth4 is definitely the correct device.
