I am after some technical advice from the brains trust… Basically, I need to know if it is possible to run 2 UTM firewalls in parallel.
I am currently upgrading my entire home environment, which will include replacing the existing UTM with a newer machine and a clean install. I am also replacing my current server environment with something that is more current and actually supported by Microsoft.
Over the years I have not been very diligent in cleaning up the UTM when entries have become redundant. I figure it will be simpler to just start from scratch, adding only the settings that I require now. Sounds simple, but as most would know, it's probably going to be somewhat more involved than that.
As much as I only have a home environment, my configuration is not what would likely be expected, as I run a Windows domain that includes an Exchange mail server and I also have my own web server. A throwback from working as an IT contractor for over a decade. Sadly, that was over a decade ago, so my brain is hurting trying to get up to speed on current server technologies.
There are currently 4 interfaces configured on the UTM: External, Internal, DMZ and VOIP.
Some things I can obviously do in a lab style network setup, like setting up the AD integration with the UTM, but other things like testing my mail server or phone connectivity could be a challenge, if not impossible to do.
My modem is in bridge mode, so all of the authentication to the ISP is done by the UTM, which is also where my static IP address is defined. If it helps, I can add another interface to the UTM.
Any advice would be appreciated.
What does running in "parallel" mean?
Cheers - Bob
Basically, have 2 UTMs on the network and be able to migrate settings from the existing firewall to the new one and then test/confirm that those settings function, before finally cutting completely over to the new firewall.
... if you choose different IPs ... it works..
Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner, Sophos Solution Partner since 2003
Not wishing to be rude, but that is a pretty simplistic reply.
What I really need to know is the "how". Also, I don't see how I could test mail flow by simply putting the 2nd UTM on a different IP subnet.
For example, your actual UTM is 192.168.0.1
Configure your Second UTM to 192.168.0.254
Configure your Test Client to use Gateway 192.168.0.254
On the WAN side you'll need another WAN IP (no problem if you're using your UTM behind a router).
Sadly, I only have a single fixed IP address.
Then you could use the "old" UTM as your gateway for the second "new" one until you have switched over all services.
You would need to DNAT all the things you want to use to the "new" box on the "old" box AND tell the internal clients or servers to use the internal address of the new box as gateway instead of the other one before.
Kind regards, best regards from Germany,
New Vision GmbH, Germany, Sophos Silver Partner
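The chained setup suggested above (old UTM keeps the public IP and DNATs each migrated service to the new UTM's WAN interface, which then DNATs it on to the server) is easy to get half-done: a service gets its rule on the new box but the matching rule on the old box is forgotten, so the traffic never leaves the old UTM. The following is an added example, not code from the thread or from Sophos, that models both DNAT hops so a migration plan can be checked before cutover; the public IP 203.0.113.10, the lab subnet 192.168.100.0/24 and the Exchange address 192.168.100.10 are constructed placeholders, while 192.168.0.254 as the new UTM's address is taken from the thread.

```python
"""Model of the two-hop DNAT chain (old UTM -> new UTM -> server) used during migration."""
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    dst_ip: str
    dport: int
    proto: str = "tcp"

OLD_PUBLIC = "203.0.113.10"   # constructed: the single static IP, still held by the old UTM
NEW_WAN = "192.168.0.254"     # new UTM's WAN interface, sitting on the old LAN (from the thread)
EXCHANGE = "192.168.100.10"   # constructed: mail server behind the new UTM's internal interface

# DNAT rule: (hop, match_dst_ip, match_dport, new_dst_ip, new_dport)
RULES = [
    ("old", OLD_PUBLIC, 25, NEW_WAN, 25),    # old box hands SMTP to the new box
    ("new", NEW_WAN, 25, EXCHANGE, 25),      # new box forwards SMTP to Exchange
    ("new", NEW_WAN, 443, EXCHANGE, 443),    # OWA rule exists on the new box only (deliberate gap)
]

def apply_hop(rules, hop, pkt):
    """Apply the first matching DNAT rule of one hop; unmatched packets pass unchanged."""
    for r_hop, m_ip, m_port, n_ip, n_port in rules:
        if r_hop == hop and pkt.dst_ip == m_ip and pkt.dport == m_port:
            return replace(pkt, dst_ip=n_ip, dport=n_port)
    return pkt

def trace(rules, pkt):
    """Return (where the packet terminates, packet as seen there) for an inbound packet."""
    after_old = apply_hop(rules, "old", pkt)
    if after_old.dst_ip == OLD_PUBLIC:
        return "old-utm", after_old        # still served (or dropped) by the old box
    after_new = apply_hop(rules, "new", after_old)
    if after_new.dst_ip == NEW_WAN:
        return "new-utm", after_new        # reached the new box, but it has no rule for it
    return "server", after_new

def missing_old_dnat(rules):
    """Ports that have a DNAT on the new box but no matching DNAT on the old box."""
    old_ports = {(ip, port) for hop, ip, port, _, _ in rules if hop == "old"}
    return sorted(port for hop, ip, port, _, _ in rules
                  if hop == "new" and (OLD_PUBLIC, port) not in old_ports)

if __name__ == "__main__":
    for port in (25, 443):
        print(port, trace(RULES, Packet(OLD_PUBLIC, port)))
    print("new-box services with no old-box DNAT:", missing_old_dnat(RULES))
```

Running it shows SMTP ending at the Exchange server while port 443 is still terminated on the old UTM, and lists 443 as the rule that has to be added on the old box before that service can be tested through the new one.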
As I fully expected, it would seem that there is not really a simple way to do this.
It would have been nice, but I guess that it is probably easier to just configure the new UTM as best I can and then do a cutover, fixing any issues that may arise.
Thanks to all that replied.
It might be helpful to change the management IP address on the existing one so you can at least refer to it while setting up the new one.
No need, as I have built a separate network infrastructure (basically a lab setup) and can access both UTMs at the same time, but thanks for the suggestion.