
Getting Sophos UTM running in vmware workstation to route traffic.

Here is my setup: 

Home Network (192.168.0.0/24) ——> Router(192.168.0.1) ——> Internet

Windows 10 Host running Vmware workstation

Sophos UTM is installed successfully in VMware Workstation with two NICs.

NIC 1 = Connected to the bridged network in VMware Workstation (this is the same network my Windows 10 host is connected to), so for Sophos UTM this is the WAN interface (192.168.0.0/24).

NIC 2 = Connected to vmnet2. This is the internal/test network (1.1.1.0/24).

Test machine (Windows 7) - This machine is connected to vmnet2 and thus communicates with the UTM via NIC 2.

Testing Result - Traffic from test machine is routing to internet via Sophos UTM successfully and web filtering policies are working fine.

Question - I have another physical machine in the network (192.168.0.1/24). What's the best way to route traffic from this machine to Sophos UTM and then to the Internet? Do I need to configure UTM in proxy mode, or is there a way to route traffic from the physical machine to the Internet through this virtual UTM?

Note - I can only run UTM inside VMware workstation as I don’t have spare hardware. Any suggestions?



  • Hi Seth and welcome to the UTM Community!

    Sorry, I'm not following your description.  A simple stick diagram or a picture of a hand-drawn diagram of your topology with IPs would be helpful.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks Bob. See the diagram that I have attached in my original question if that helps. 

  • Very helpful, Seth.

    Test Machine 2 needs to have the UTM as its default gateway, not the router.  You can just assign that manually in that machine.

    You may want to disable DHCP on the router and create a DHCP server in WebAdmin for the 192.168.0.0/24 subnet so that you don't have to make manual changes in any future tests from that subnet.  Remember that the DHCP servers in UTM must have a dynamic range that doesn't cover any manually-assigned IPs.

    You will likely need a firewall rule to allow traffic from 2 to 1.  Remember that the "Any" Service does not include Ping and such, it just includes TCP and UDP.

    Cheers - Bob

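Bob's two conditions above (the test machine's default gateway must be the UTM's address on the same subnet, and the UTM's DHCP dynamic range must not cover any statically assigned address) can be checked before touching WebAdmin. The following Python is an added example written for this thread, not code from Sophos or from either poster; the subnet, the router at 192.168.0.1, the UTM WAN address 192.168.0.200 and the test machine at 192.168.0.222 are taken from the posts, and the proposed DHCP ranges are constructed values.

```python
import ipaddress

# Constructed from the thread: the home subnet and the hosts that keep fixed addresses.
SUBNET = ipaddress.ip_network("192.168.0.0/24")
STATIC_HOSTS = {
    "router": ipaddress.ip_address("192.168.0.1"),
    "utm-wan": ipaddress.ip_address("192.168.0.200"),
    "test-machine-2": ipaddress.ip_address("192.168.0.222"),
}


def gateway_valid(host_ip, gateway, subnet=SUBNET):
    """True if the host and its intended default gateway both sit in `subnet`
    and are distinct addresses (a gateway outside the subnet is unreachable)."""
    host = ipaddress.ip_address(host_ip)
    gw = ipaddress.ip_address(gateway)
    return host in subnet and gw in subnet and host != gw


def dhcp_range_conflicts(start, end, static_hosts=STATIC_HOSTS):
    """Return the names of statically assigned hosts whose IP falls inside the
    proposed DHCP dynamic range [start, end] (inclusive)."""
    lo, hi = int(ipaddress.ip_address(start)), int(ipaddress.ip_address(end))
    if lo > hi:
        raise ValueError("DHCP range start must not be above its end")
    return sorted(name for name, ip in static_hosts.items() if lo <= int(ip) <= hi)


def largest_free_range(subnet=SUBNET, static_hosts=STATIC_HOSTS):
    """Find the longest run of host addresses in `subnet` that no static host
    uses; this is a safe candidate for the DHCP dynamic range."""
    taken = {int(ip) for ip in static_hosts.values()}
    runs = []          # list of (first, last) free runs
    run_start = None
    prev = None
    for host in subnet.hosts():
        if int(host) in taken:
            if run_start is not None:
                runs.append((run_start, prev))
                run_start = None
        elif run_start is None:
            run_start = host
        prev = host
    if run_start is not None:
        runs.append((run_start, prev))
    if not runs:
        return None
    first, last = max(runs, key=lambda r: int(r[1]) - int(r[0]))
    return str(first), str(last)


if __name__ == "__main__":
    print("gateway ok:", gateway_valid("192.168.0.222", "192.168.0.200"))
    print("conflicts for .100-.250:", dhcp_range_conflicts("192.168.0.100", "192.168.0.250"))
    print("largest free run:", largest_free_range())
```

A range such as .100 to .250 would hand out the UTM's own WAN address and the test machine's address to DHCP clients, which is exactly the overlap the post warns against; the largest free run reported (.2 to .199 with these statics) is the range to enter in WebAdmin.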
  • Thanks Bob for your inputs. I tried changing the default gateway of test machine 2 to 192.168.0.200 but still not able to browse the Internet. I can ping 192.168.0.200 from the test machine that has an IP of 192.168.0.222. From the Sophos UTM CLI, I can also reach the Internet. See this: 

    See the UTM Interface config:

    Firewall config:

    Masquerading config (disabled this rule as I think it is not needed; anyway, tested this with and without this rule enabled but not working).

    Please note that in my original diagram, the router is a wireless router (192.168.0.1). I am thinking I may need to run UTM in proxy mode, as in this testing we are no longer using the internal interface (1.1.1.0/24) of the UTM. 

  • Yes, you might want to add "WAN (Network)" to "Allowed Networks" in Web Filtering.  If it's still not connecting, tell us what you learn by doing #1 in Rulz (last updated 2021-02-16).

    Cheers - Bob

  • Hey Bob, thanks for your support. Here is how I finally made it work. I disabled the firewall and have only one interface enabled, that's WAN 192.168.0.0/24. So I am only using the web filtering module with the following setting: 

    Test machine 2 is now able to connect to the UTM through the proxy (changed the proxy setting in Windows) and policies are working now.