
Running 2 UTM firewalls in parallel

I am after some technical advice from the brains trust…
Basically, I need to know if it is possible to run 2 UTM firewalls in parallel.

I am currently upgrading my entire home environment, which will include replacing the existing UTM with a newer machine and a clean install.
I am also replacing my current server environment with something that is more current and actually supported by Microsoft.

Over the years I have not been very diligent in cleaning up the UTM when entries have become redundant. I figure it will be simpler to just start from scratch, adding only the settings that I require now.
Sounds simple, but as most would know, it’s probably going to be somewhat more involved than that.

As much as I only have a home environment, my configuration is not what would likely be expected, as I run a Windows domain that includes an Exchange mail server and I also have my own web server. A throwback from working as an IT contractor for over a decade. Sadly, that was over a decade ago, so my brain is hurting trying to get up to speed on current server technologies.

There are currently 4 interfaces configured on the UTM: External, Internal, DMZ and VOIP.

Some things I can obviously do in a lab style network setup, like setting up the AD integration with the UTM, but other things like testing my mail server or phone connectivity could be a challenge, if not impossible to do.

My modem is in bridge mode, so all of the authentication to the ISP is done by the UTM, which is also where my static IP address is defined.
If it helps, I can add another interface to the UTM.

Any advice would be appreciated.



This thread was automatically locked due to age.
  • Basically, have 2 UTMs on the network and be able to migrate settings from the existing firewall to the new one and then test/confirm that those settings function, before finally cutting completely over to the new firewall.

  • ... if you choose different IPs ... it works..


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Not wishing to be rude, but that is a pretty simplistic reply.

    What I really need to know is the "how".
    Also, I don't see how I could test mail flow by simply putting the 2nd UTM on a different IP subnet.

  • For example, your actual UTM is 192.168.0.1

    Configure your second UTM to 192.168.0.254

    Configure your test client to use gateway 192.168.0.254

    On the WAN side you'll need another WAN IP (no problem if you're using your UTM behind a router).

  • Sadly, I only have a single fixed IP address.

  • Hello,

    then you could use the "old" UTM as your gateway for the second "new" one until you have switched over all services.

    You would need to DNAT all the things you want to use to the "new" box on the "old" box AND tell the internal clients or servers to use the internal address of the new box as gateway instead of the other one before.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.
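
The chained setup from the last reply, modelled as an added example that is not part of any post in this thread and is not Sophos configuration. It shows why both steps are needed: a DNAT rule on each box, and the new box as the server's default gateway, because a stateful firewall only passes replies it has tracked. The transit address, public IP, mail server address and all function names are assumptions.

```python
# Constructed model of the chained UTMs; addresses below are placeholders.
OLD_LAN, NEW_LAN = "192.168.0.1", "192.168.0.254"  # internal IPs used in the thread
NEW_WAN = "10.99.0.2"       # assumed: new UTM's WAN side on a transit net behind the old UTM
PUBLIC_IP = "203.0.113.10"  # placeholder for the single static IP
MAIL = "192.168.0.10"       # assumed mail server address


class Firewall:
    """Stateful box with DNAT rules {(dst_ip, port): new_dst_ip} and a connection table."""

    def __init__(self, dnat):
        self.dnat, self.state = dnat, {}

    def inbound(self, src, dst, port):
        new_dst = self.dnat.get((dst, port))
        if new_dst is None:
            return None  # no DNAT rule: packet is dropped
        # Track the flow: a reply from (new_dst, port) to src is rewritten back to dst.
        self.state[(new_dst, port, src)] = dst
        return new_dst

    def reply(self, src, port, dst):
        # A reply passes only if it matches a tracked connection.
        return self.state.get((src, port, dst))


def smtp_round_trip(server_gateway, client="198.51.100.7", port=25):
    """Follow one inbound SMTP connection and its reply through both boxes."""
    old = Firewall({(PUBLIC_IP, port): NEW_WAN})  # old box forwards to the new box
    new = Firewall({(NEW_WAN, port): MAIL})       # new box forwards to the server
    hop1 = old.inbound(client, PUBLIC_IP, port)
    hop2 = new.inbound(client, hop1, port) if hop1 else None
    if hop2 != MAIL:
        return "inbound dropped"
    # The server answers through whatever default gateway it has configured.
    if server_gateway == NEW_LAN:
        src = new.reply(MAIL, port, client)                   # rewritten to NEW_WAN
        src = old.reply(src, port, client) if src else None   # rewritten to PUBLIC_IP
    elif server_gateway == OLD_LAN:
        src = old.reply(MAIL, port, client)  # old box never tracked MAIL as the peer
    else:
        src = None
    return "ok" if src == PUBLIC_IP else "reply dropped (asymmetric path)"


if __name__ == "__main__":
    for gw in (NEW_LAN, OLD_LAN):
        print(f"server gateway {gw}: {smtp_round_trip(gw)}")
```

With the server still pointing at the old box, the inbound half of the connection arrives but the reply bypasses the new UTM, so mail flow through the new box can only be tested after the server's gateway is changed.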