How to configure Sophos UTM home with Verizon Network Extender

I'm new to Sophos UTM home and have gotten some things to work and others without much luck. The two devices I'm having the most problems with are two Verizon Network Extenders (femtocells), which are used to boost Verizon 3G cellular signal in homes and other dead spots (https://www.verizonwireless.com/support/knowledge-base-25525/). These extenders used to work before implementing the UTM, and I've configured the basics by allowing traffic on specific ports, but there's something else I'm missing and frankly don't know how to resolve.

I've also now added a USB NIC (eth2) and configured it as a DMZ with its own DHCP server on a different subnet, added it to the DNS allowed networks, created a MASQ rule from DMZ to WAN, and added firewall rules for DMZ to Any, WAN and Internet; but the DMZ interface is showing no outbound traffic and very little inbound.

With the firewall rules in either configuration (on the internal LAN or in the DMZ), the best I can achieve is for all but the SYS indicator to be blue; SYS is slow-flashing red.

ISP: Comcast gateway in bridge mode, dynamic IP

Sophos UTM 9.07-3 installed on a Zotac CI-323, all other services including IPSEC working for other devices.

Configuration: Comcast Gateway --> Sophos --> 8 port unmanaged switch (LAN/eth0) and 5 port unmanaged switch (DMZ/eth2)

Tomorrow night I will try to test a laptop on a port on the 5 port DMZ switch.

I've been pulling my hair out for the last week and am not finding many answers or making much progress. Is there anyone that can help or provide some guidance?

Thanks



  • I have one of these in my environment, and have put it outside the firewall. There is a fairly high risk of 4G Repeater spoofing that can give someone complete access to the network you've plugged it into - if you've got two of them, you've now got two potential ways someone can get in. I would strongly recommend creating yourself a subnet outside the firewall (if you don't already have one) for devices like these. We follow the same practice at work with our repeaters.

  • I have a TmobileTower (signal booster) in my home network. It is connected to a separate interface. To troubleshoot I would suggest using the FW live log.

    1. Assign your extender an IP address

    2. Open the live log, filter on the IP address you previously assigned to the extender, and see which ports it is trying to go out on and being blocked

    3. Create a FW rule for the extender and those ports, and that should do the job.

    In my case, the TmobileTower is using ports 500, 4500, 123


    Good Luck
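The three steps above (fix the extender's IP, watch the live log for drops from that IP, then write a rule for exactly those ports) can also be done offline against an exported log. The script below is an added example and is not code from the original thread or from Sophos; it assumes the UTM packetfilter log uses the `key="value"` field style (`action`, `srcip`, `dstip`, `proto`, `dstport`), and the log lines, IP addresses and timestamps in it are constructed for illustration. It tallies dropped packets per protocol/destination port for one source IP, so the resulting rule can be scoped to what the device actually needs instead of "Any".

```python
import re
from collections import Counter

# Constructed sample lines in the Sophos UTM packetfilter key="value" style.
# Not taken from the thread; hosts 10.10.10.50 (extender in a DMZ) and
# 192.168.1.77 (an unrelated LAN host) and all addresses are made up.
SAMPLE_LOG = """\
2017:01:23-21:05:01 utm ulogd[4912]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" srcip="10.10.10.50" dstip="203.0.113.20" proto="17" srcport="500" dstport="500"
2017:01:23-21:05:02 utm ulogd[4912]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" srcip="10.10.10.50" dstip="203.0.113.20" proto="17" srcport="4500" dstport="4500"
2017:01:23-21:05:02 utm ulogd[4912]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" srcip="10.10.10.50" dstip="203.0.113.21" proto="17" srcport="123" dstport="123"
2017:01:23-21:05:03 utm ulogd[4912]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" srcip="10.10.10.50" dstip="203.0.113.20" proto="17" srcport="4500" dstport="4500"
2017:01:23-21:05:04 utm ulogd[4912]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="2" initf="eth2" srcip="10.10.10.50" dstip="10.10.10.1" proto="17" srcport="52000" dstport="53"
2017:01:23-21:05:05 utm ulogd[4912]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcip="192.168.1.77" dstip="198.51.100.9" proto="6" srcport="40000" dstport="445"
"""

# Matches every key="value" pair on a line, e.g. srcip="10.10.10.50".
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

# IP protocol numbers as they appear in the proto="" field.
PROTO_NAMES = {"1": "icmp", "6": "tcp", "17": "udp"}


def parse_line(line):
    """Return the key/value fields of one log line as a dict."""
    return dict(FIELD_RE.findall(line))


def blocked_ports(log_text, srcip):
    """Count dropped packets from `srcip`, keyed by (protocol, dstport).

    Only action="drop" lines are counted; accepted traffic and other source
    IPs are ignored so the result reflects exactly what the device is missing.
    """
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields.get("action") != "drop" or fields.get("srcip") != srcip:
            continue
        proto = PROTO_NAMES.get(fields.get("proto", ""), fields.get("proto", "?"))
        port = int(fields.get("dstport", 0))
        counts[(proto, port)] += 1
    return counts


def rule_services(counts):
    """Turn the tally into a sorted list of 'proto/port' service strings,
    which is the minimal service set a scoped allow rule would need."""
    return sorted(f"{proto}/{port}" for proto, port in counts)


if __name__ == "__main__":
    extender_ip = "10.10.10.50"
    tally = blocked_ports(SAMPLE_LOG, extender_ip)
    for (proto, port), n in sorted(tally.items(), key=lambda kv: -kv[1]):
        print(f"{extender_ip} -> {proto}/{port}: {n} dropped")
    print("services for a scoped allow rule:", ", ".join(rule_services(tally)))
```

Run it against a real export by replacing `SAMPLE_LOG` with the file contents and `extender_ip` with the address assigned in step 1. Keeping the rule limited to the observed services (in the constructed data: udp/123, udp/500 and udp/4500, the same NTP and IPsec ports the reply above mentions) also limits what an untrusted or spoofed repeater can reach through the firewall, which is the concern the first reply raises.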