This discussion has been locked.

High level - how do I set up using Hyper-V?

Hi,

I signed up for a UTM home license several years ago and never got around to actually configuring it (looked too complicated). More recently, I've had another crack, but I'd like some pointers on where the thing should be positioned.

I have a Fritz! router to the outside world and a number of devices LAN and WLAN connected. One of my PCs hangs off another router (acting as a Gb switch) running Windows 10 with Hyper-V enabled. I've run up the UTM Home on that and given it two vNICs (same network though), since the set-up required an internal and an external. I did only a quick config and set up the web filter/proxy, and pointed one of my browsers at it... didn't sit like that for long as it seemed to get slow. That was a few weeks ago, but I thought I'd come here for help before totally giving up :)

FWIW - I have a Raspberry Pi running Pi-hole and have its IP address added as the DNS address supplied by the Fritz! DHCP. For now, IPv4 only since I can more easily understand it :)

I also have some other VMs running and exposed to the Internet via NAT: Nextcloud and a WordPress, with an Nginx VM I'm trying to use as a reverse proxy.

1) Would I need to set the internal vNIC address of the UTM as the default gateway for clients? If yes, I'm not sure I can do that from the Fritz!, so I may have to use DHCP from either Pi-hole or the UTM itself. If no... then how does UTM monitor the traffic?

2) Can/should the UTM act as the reverse proxy for Nextcloud and WordPress? I currently have the Nginx VM grabbing TLS certificates from Let's Encrypt; would UTM do this also?

3) How will this change if I enable IPv6? I'm sure I read somewhere that the default gateway concept is removed in IPv6, so I'm really not sure how to position the UTM in that situation.

4) Do I need to rethink the entire set-up? I'm happy to entertain most changes (perhaps when my wife isn't here :)) but I don't have funds to buy another PC to act as a dedicated UTM at the moment. In case it makes a difference - we're currently on ADSL but should be getting 'NBN' (Australia) going live this month (FTTB, which I believe is VDSL2). Other than a provider change, I don't believe there'll be any changes (i.e., no additional modem added).


--Edit--

I forgot to add what I'm hoping to get out of this: I'm hoping I'll be able to see which devices are using the most bandwidth in real time, as well as the total volume of traffic consumed. If I could drill down and see which websites (e.g., is it a streaming service), even better.

In addition to that, I'd like to be able to see incoming requests for Nextcloud/WordPress and know they're being protected. Finally, I'd hope that if I Nmap (or similar) my network it'll generate an alert :)


thanks

Dave



This thread was automatically locked due to age.
  • Hi,

    I'll answer each question in the order you asked it.

    1) It's not necessary to use UTM's internal interface (vNIC) as a gateway for your devices if you want to control their web traffic only. UTM can work as a standard proxy: you point all your internal devices at it and it will proxy the traffic. You can specify the ports for which UTM should act as a proxy. You can refer to this KBA: Sophos UTM: Understanding Sophos Web Filtering. But you will not get the standard IPS and other firewall configuration flexibility with that.

    My suggestion would be (only if it's feasible for you) to configure UTM's internal NIC as the gateway address; that way, you will be able to protect using IPS as well as use WAF for your websites (Nextcloud & WordPress). And I guess this answers your 2nd question as well. You can refer to this KBA: Sophos UTM: How to configure Webserver Protection. Sophos UTM now creates a Let's Encrypt account and allows you to create a certificate from UTM itself. This requires HTTP traffic for the certificate domains to reach the UTM. (More on that later.)

    Using UTM as a gateway will allow you to use the Reporting feature in UTM, where you will be able to see the traffic type and data bytes consumed by each device. It will also give you some more control over DHCP configuration.

    3) I've never personally had an IPv6 setup to comment on this. There are some gray areas in what will work and what will not.

    4) Ideally, you should be able to provide UTM an Internet connection from an upstream device (DHCP or static does not matter).

    Since you're new to the Sophos UTM, I'd recommend reading this amazing guide, RULZ by Bob, and if you would like to see configuration videos, jump over to the Sophos UTM YouTube videos.

    Hope this helps.

    Regards

    Jaydeep
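The "internal NIC as gateway" layout Jaydeep recommends, translated into Hyper-V terms as an added example (this is not from the thread and not Sophos' own procedure). It assumes the host's physical adapter is called "Ethernet", the VMs are named "UTM", "Nextcloud" and "WordPress", the new switches are called "UTM-WAN" and "UTM-LAN", and the protected segment is 10.10.10.0/24 with the UTM's internal address 10.10.10.1 (that address is set inside UTM's own setup, not by this script). Run it from an elevated PowerShell prompt on the Windows 10 Hyper-V host; all cmdlets are from the built-in Hyper-V module.

```powershell
# Added example: two-vSwitch layout for a Sophos UTM VM on Windows 10 Hyper-V.
# Assumptions (not from the thread): physical NIC "Ethernet", VMs named "UTM",
# "Nextcloud" and "WordPress", protected segment 10.10.10.0/24 with the UTM
# internal address 10.10.10.1 configured inside UTM itself.
$ErrorActionPreference = 'Stop'

$PhysicalNic = 'Ethernet'      # assumption: confirm with Get-NetAdapter
$WanSwitch   = 'UTM-WAN'       # external switch, sits on the Fritz! LAN
$LanSwitch   = 'UTM-LAN'       # private switch, reachable only via the UTM
$UtmVm       = 'UTM'
$WebVms      = @('Nextcloud', 'WordPress')

# 1. External switch bound to the physical NIC. AllowManagementOS keeps the
#    Windows host itself on the Fritz! LAN through a vEthernet adapter
#    (expect a short connectivity drop while the host's IP config moves over).
if (-not (Get-VMSwitch -Name $WanSwitch -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $WanSwitch -NetAdapterName $PhysicalNic -AllowManagementOS $true
}

# 2. Private switch for the protected segment. 'Private' means not even the
#    host has an adapter on it, so the only path in or out is the UTM's
#    internal vNIC: every packet to/from the web VMs crosses the UTM.
if (-not (Get-VMSwitch -Name $LanSwitch -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $LanSwitch -SwitchType Private
}

# 3. Give the UTM exactly two adapters, one per switch. The thread's original
#    setup had both vNICs on the same network; remove those and re-add them
#    with names matching the roles UTM asks for. Adapters on a Generation 1
#    VM cannot be changed while it runs, so stop it first.
Stop-VM -Name $UtmVm -Force -ErrorAction SilentlyContinue
Get-VMNetworkAdapter -VMName $UtmVm | Remove-VMNetworkAdapter
Add-VMNetworkAdapter -VMName $UtmVm -Name 'External' -SwitchName $WanSwitch
Add-VMNetworkAdapter -VMName $UtmVm -Name 'Internal' -SwitchName $LanSwitch

# 4. Move the web VMs behind the UTM so inbound requests must pass its WAF
#    and IPS. Inside each guest, set the gateway to 10.10.10.1 and DNS to the
#    UTM (or the Pi-hole, if the UTM forwards to it).
foreach ($vm in $WebVms) {
    Stop-VM -Name $vm -Force -ErrorAction SilentlyContinue
    Connect-VMNetworkAdapter -VMName $vm -SwitchName $LanSwitch
}

# 5. Check the result: the UTM should be the only VM present on both switches.
Get-VMNetworkAdapter -VMName ($WebVms + $UtmVm) |
    Format-Table VMName, Name, SwitchName, MacAddress -AutoSize

Start-VM -Name $UtmVm
foreach ($vm in $WebVms) { Start-VM -Name $vm }
```

With this layout the Fritz! port forwards for TCP 80 and 443 should point at the UTM's External address (whatever the Fritz! DHCP hands that vNIC, or a static reservation), which is exactly the condition Jaydeep names for the Let's Encrypt challenge: HTTP for the certificate domains has to land on the UTM, and the nginx VM is no longer in the path. Note what this does not cover: physical LAN and WLAN devices remain on the Fritz! network and are not behind the private switch, so to inspect their traffic too you still need either the proxy option from point 1 or their default gateway pointed at the UTM.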

  • I've now figured out how to create the Let's Encrypt certs on the UTM and enabled the webserver protection (and enabled port forwarding on the router); I can get rid of the nginx VM now, I guess.

    I'm seeing more info - such as attempted RDP over the exposed web ports, so I know IPS is working :)
