
Flowchart: Traffic flow through the UTM?

Hello,
Is there a flowchart or something that shows how (in which order and so on) the traffic is processed by the UTM?

That would be helpful to check where stuff might get stuck and in what logs to look.

Thanks for any advice


  • You've probably seen what I call Rule #2:

    In general, a packet arriving at an interface is handled only by one of the following, in order:
    DNATs first, then VPNs and Proxies and, finally, manual Routes and Firewall rules.


    You can see this in this diagram from the ACA V8 Manual:



    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob, 

    Are the ACA documents/manuals freely available?

    Thanks,
    Barry
  • Hey Bob
    thanks for the info so far

    ACA documents would be awesome [:)] 

    It would give the interested guy a much deeper understanding, hence leading to me pestering you guys with fewer topics [;)]

    Best regards
  • Try SophosGlobalSupport - YouTube and Astaro Webinars.

    I don't know yet if the training documents are available outside of Sophos Partners, but I'm checking.  - Later: These are only available via the Partner Portal.  Anyone that works for a Partner can get most of the on-line courses free.

    Cheers - Bob
     
  • Are partners allowed to give them out to their customers?

    Thanks,
    Barry
  • A better understanding would be especially useful now [:P]

    Just had a case where some internal networks could access an internal service via its DNATed external address correctly, but some reached the server with their internal address (instead of the masqueraded one), which of course led to the service not working (the server answered to the internal address, which wasn't expecting the answer from that address but from the external one, and therefore terminated the connection).
  • In the above schematic: When is which path taken after routing?
  • Hi chasOrde,

    My understanding of the system is that if traffic is flowing through the UTM without proxying it goes through Pre-Route -> Forward -> Post-Route. Anything going through a proxy will go: Pre-Route -> Input -> (proxy) -> Output -> Post-Route. Traffic terminating at, or originating from the UTM will go through Pre-Route -> Input or Output -> Post-Route respectively.
  • You could google iptables overview for more articles, but here's one that should be helpful: IP Tables Primer

    Cheers - Bob
     
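
The chain paths and the DNAT-via-external-address case discussed in this thread, as an added example that is not from any poster or from Sophos: a simplified model of the standard Linux netfilter hook order, showing which path follows the routing decision and why an internal client sees the reply from the wrong address unless its source is masqueraded. All addresses and the names `traverse` and `reply_source` are constructed for illustration.

```python
# Added example: simplified model of Linux netfilter hook order (all addresses constructed).
from ipaddress import ip_address, ip_network

FW_EXT, FW_LAN = ip_address("203.0.113.1"), ip_address("10.0.0.1")
LOCAL = {FW_EXT, FW_LAN}                      # the firewall's own addresses
LAN = ip_network("10.0.0.0/24")
DNAT = {FW_EXT: ip_address("10.0.0.50")}      # external address -> internal server

def traverse(src, dst, proxy=False, hairpin_snat=False):
    """Return (hooks, src, dst) as the packet looks when it leaves the model."""
    src, dst = ip_address(src), ip_address(dst)
    if src in LOCAL:                          # originates on the firewall itself
        return ["OUTPUT", "POSTROUTING"], src, dst
    hooks = ["PREROUTING"]
    if dst in DNAT:                           # DNAT is handled first ...
        dst = DNAT[dst]
    elif proxy:                               # ... then a transparent proxy, if one claims it
        # Assumption: the proxy opens its own upstream connection from FW_EXT.
        return hooks + ["INPUT", "(proxy)", "OUTPUT", "POSTROUTING"], FW_EXT, dst
    if dst in LOCAL:                          # routing decision: for the firewall itself
        return hooks + ["INPUT"], src, dst
    hooks += ["FORWARD", "POSTROUTING"]       # routing decision: for another host
    if hairpin_snat and src in LAN and dst in LAN:
        src = FW_LAN                          # masquerade so the reply returns via the firewall
    return hooks, src, dst

def reply_source(src_seen, server, dialed):
    """Source address the client sees on the server's reply."""
    src_seen, server = ip_address(src_seen), ip_address(server)
    # Same-LAN peers answer each other directly, so reverse NAT never happens.
    direct = src_seen in LAN and server in LAN and src_seen not in LOCAL
    return server if direct else ip_address(dialed)

if __name__ == "__main__":
    for args in [("198.51.100.7", "203.0.113.1", {}),
                 ("10.0.0.20", "192.0.2.80", {"proxy": True}),
                 ("10.0.0.20", "203.0.113.1", {}),
                 ("10.0.0.20", "203.0.113.1", {"hairpin_snat": True})]:
        hooks, src, dst = traverse(args[0], args[1], **args[2])
        print(" -> ".join(hooks), "|", src, "->", dst,
              "| reply from", reply_source(src, dst, args[1]))
```

In the third case the client dialed 203.0.113.1 but the reply arrives from 10.0.0.50, so the client discards it; the packet filter log shows nothing dropped because the reply never crossed the firewall.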