Running 2 UTM firewalls in parallel

I am after some technical advice from the brains trust…
Basically, I need to know if it is possible to run 2 UTM firewalls in parallel.

I am currently upgrading my entire home environment, which will include replacing the existing UTM with a newer machine and a clean install.
I am also replacing my current server environment with something that is more current and actually supported by Microsoft.

Over the years I have not been very diligent in cleaning up the UTM when entries have become redundant. I figure it will be simpler to just start from scratch, adding only the settings that I require now.
Sounds simple, but as most would know, it’s probably going to be somewhat more involved than that.

As much as I only have a home environment, my configuration is not what would likely be expected, as I run a Windows domain that includes an Exchange mail server and I also have my own web server. A throwback from working as an IT contractor for over a decade. Sadly, that was over a decade ago, so my brain is hurting trying to get up to speed on current server technologies.

There are currently 4 interfaces configured on the UTM: External, Internal, DMZ and VOIP.

Some things I can obviously do in a lab style network setup, like setting up the AD integration with the UTM, but other things like testing my mail server or phone connectivity could be a challenge, if not impossible to do.

My modem is in bridge mode, so all of the authentication to the ISP is done by the UTM, which is also where my static IP address is defined.
If it helps, I can add another interface to the UTM.

Any advice would be appreciated.

  • Okay... maybe a different tack is required here.
    Given that it is possible, I am now considering getting an additional WAN IP address as another way to go.

    My current configuration is a VDSL2 modem in bridge mode and the UTM does the PPPoE authentication to the ISP.

    Can anyone suggest a configuration method that would allow me to have the current UTM on one static IP address and my second UTM using the second IP address?
    The intent would be to effectively have two totally separate LANs; one for each of the UTMs, so I can run 2 different mail servers at the same time (for my configuration testing).

    I have a couple of domains that I do not currently use for email, so I can set them up on the new mail server for testing purposes.
    I would simply modify the A and MX records of those domains to point to the second IP address.
    Therefore, each mail server would use its own email domains, with no crossover between the two of them.

    I assume that I would only need one of the UTMs to do the authentication to the ISP, so envisage that I may have to add the additional IP address (Interfaces & Routing > Interfaces > Additional Addresses) to the first UTM and then do some form of NAT to the other UTM.

    As stated initially, I only have 4 interfaces in the current UTM (all of which are being used), but I could add another one, or maybe I can put the second UTM on the DMZ vLAN.

    I really do not know which way to go here, but hope that this can be done.
    To that end, I would definitely appreciate some technical advice on this.
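The plan above has one property worth checking before touching DNS: every mail domain's MX host must resolve, through the public IP and whatever NAT the first UTM applies, to exactly one internal mail server, and the test domains must land on the new one. The following is an added example (not code from the thread or from Sophos) that models that chain with constructed data: documentation-range addresses, hypothetical host names such as `new-utm.dmz` and `new-mail.lab`, and a hypothetical inner hop where the second UTM forwards SMTP on to the new server. It flags a test domain whose A record was left pointing at the old IP, which is the crossover the post wants to avoid.

```python
"""Pre-cutover check for the two-mail-server plan.

Chain checked per domain: MX -> A -> public IP -> NAT on first UTM -> (second
UTM forward) -> internal mail server.  All data is constructed for
illustration; addresses are RFC 5737 documentation ranges, host names are
hypothetical.
"""

# Constructed public addresses: the existing static IP and the additional one.
PUBLIC_IP_OLD = "203.0.113.10"
PUBLIC_IP_NEW = "203.0.113.11"

# Constructed NAT mapping on the first UTM (the "some form of NAT" step):
# public IP -> internal host that receives traffic for it.
NAT_MAP = {
    PUBLIC_IP_OLD: "old-mail.internal",   # existing mail server
    PUBLIC_IP_NEW: "new-utm.dmz",         # second UTM on the DMZ VLAN
}
# Hypothetical inner hop: the second UTM forwards SMTP to the new server.
SECOND_UTM_FORWARD = {"new-utm.dmz": "new-mail.lab"}

# Constructed zone data as it would look after the DNS change.
MX_RECORDS = {
    "example.com": ["mail.example.com"],   # production domain, stays put
    "example.net": ["mail.example.net"],   # test domain, updated
    "example.org": ["mail.example.org"],   # test domain, forgotten
}
A_RECORDS = {
    "mail.example.com": PUBLIC_IP_OLD,
    "mail.example.net": PUBLIC_IP_NEW,
    "mail.example.org": PUBLIC_IP_OLD,     # stale: still the old IP
}
TEST_DOMAINS = {"example.net", "example.org"}


def mail_server_for(domain, mx_records=MX_RECORDS, a_records=A_RECORDS,
                    nat_map=NAT_MAP, inner=SECOND_UTM_FORWARD):
    """Return the set of internal mail servers a domain's MX hosts reach."""
    servers = set()
    for mx_host in mx_records.get(domain, []):
        public_ip = a_records.get(mx_host)
        if public_ip is None:
            raise ValueError(f"{mx_host}: no A record")
        hop = nat_map.get(public_ip)
        if hop is None:
            raise ValueError(f"{public_ip}: not NATed by the first UTM")
        # Follow the second UTM's forward if the hop is that UTM.
        servers.add(inner.get(hop, hop))
    return servers


def check_split(test_domains=TEST_DOMAINS, new_server="new-mail.lab", **kw):
    """Return a list of problems; an empty list means the split is clean."""
    problems = []
    for domain in kw.get("mx_records", MX_RECORDS):
        servers = mail_server_for(domain, **kw)
        if len(servers) != 1:
            problems.append(f"{domain}: MX hosts reach {sorted(servers)}")
        elif domain in test_domains and new_server not in servers:
            problems.append(f"{domain}: test domain still lands on "
                            f"{next(iter(servers))}")
        elif domain not in test_domains and new_server in servers:
            problems.append(f"{domain}: production domain routed to new server")
    return problems


if __name__ == "__main__":
    for line in check_split() or ["no crossover found"]:
        print(line)
```

Run it against the real zone data (swap the constructed dictionaries for DNS lookups) once the additional IP and the NAT rule are in place but before the test domains are announced to anyone; the NAT table is whatever 1:1 or DNAT rule the first UTM ends up with, and the `SECOND_UTM_FORWARD` hop only applies if the second UTM sits behind it on the DMZ VLAN rather than on its own interface.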
