This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM - extra networks behind firewall?

Hello.

I currently have everything (desktops & servers) on a single subnet in an office (let’s say 10.10.10.0/24).

What is the best way to split this out so that I can put the servers on a separate subnet (say 10.10.20.0/24) and control access via the UTM firewall? Do I need an extra interface on the UTM to achieve this?

Or can I just use the LAN interface and add extra IPs? That sounds like the less secure option.

I have SG230 appliances.

Thanks in advance.

This thread was automatically locked due to age.

0 dirkkotte over 2 years ago

If possible, i would use VLANs at the switch and a VLAN-trunc between UTM and switch.
now you can create rule for the communication between these networks.

Dirk

Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
If a post solves your question, click the 'Verify Answer' link at this post.
Cancel
Vote Up 0 Vote Down

Cancel
0 Janbo Noerskau over 2 years ago

Hi

See Dirk's answer. And yes - aditionally you need separate interfaces for the two networks (VLAN-Interfaces on the UTM). And/or you can bind the Networks to different physical eth-Ports if you want to seperate the traffic for performance reasons (to have full gigabit speed between the networks).

Cheers Janbo

---

janbo.noerskau@comedia.de UTM lover ;-)
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 2 years ago

Hallo and welcome to the UTM Community!

It sounds like you just want to create a DMZ for your servers, so, no, you can't "just use the LAN interface and add extra IPs." Dirk and Janbo gave you great suggestions.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel