
Sophos UTM - extra networks behind firewall?

Hello.

I currently have everything (desktops & servers) on a single subnet in an office (let’s say 10.10.10.0/24).

What is the best way to split this out so that I can put the servers on a separate subnet (say 10.10.20.0/24) and control access via the UTM firewall? Do I need an extra interface on the UTM to achieve this?

Or can I just use the LAN interface and add extra IPs? That sounds like the less secure option.

I have SG230 appliances.

Thanks in advance.



This thread was automatically locked due to age.
  • If possible, I would use VLANs at the switch and a VLAN trunk between UTM and switch.
    Now you can create rules for the communication between these networks.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003

  • Hi

    See Dirk's answer. And yes - additionally you need separate interfaces for the two networks (VLAN interfaces on the UTM). And/or you can bind the networks to different physical eth ports if you want to separate the traffic for performance reasons (to have full gigabit speed between the networks).

    Cheers Janbo

    ---

    janbo.noerskau@comedia.de UTM lover ;-)

  • Hallo and welcome to the UTM Community!

    It sounds like you just want to create a DMZ for your servers, so, no, you can't "just use the LAN interface and add extra IPs."  Dirk and Janbo gave you great suggestions.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA