UTM configuration with Verizon FIOS

Trying to set up UTM 9.3 with Verizon FIOS. I currently have it connected as follows:

Verizon FIOS router LAN port --> UTM WAN port (eth2) --> UTM LAN port (eth1) --> switch --> Wireless router LAN port (used as access point).

The Verizon router is 192.168.1.1 with DHCP enabled for range 192.168.1.100 - .200 (do I need DHCP here? I do have a couple of devices directly connected to this router, bypassing UTM).

I have UTM LAN set to 192.168.1.2. It seems I may need to enable DHCP here since downstream clients are not getting addresses from the Verizon router. I tried enabling DHCP with range 192.168.1.10 - .99 with no luck.

All subnet masks are 255.255.255.0. I will need all internal LAN devices to reach each other: a wireless client connected to the router needs to hit a printer connected to the Verizon router, etc.

The wireless router is set to 192.168.1.3 with no DHCP, thinking it would pick up an address from something upstream.

I'm currently not getting internet access downstream of UTM. Using Tools --> Ping Check on UTM I can ping internet addresses by IP but not by name.

Suggestions greatly appreciated.

  • Exactly how is the Sophos UTM set up? Do you have it set up in router/gateway mode (i.e. the default) where the Sophos UTM manages the Internet connection or are you trying to set it up in bridge mode (i.e. requires additional configuration) where the Verizon device manages the Internet connection but the Sophos UTM sits in between the Verizon device and network providing security services without the need for network reconfiguration-ish?
  • Currently set up in default mode. I want UTM to manage the traffic that flows through it. If I need to reconfigure the network so that all devices connect to it, I can. But I will have to have the Verizon router as the first device since that's how I get to the internet.
  • Is the internet connection going to your FIOS router Ethernet or Coax? If it's Ethernet it is possible to eliminate the Verizon router for a simpler setup.
  • It is Ethernet, but it also has a coax connection. I was under the impression that it needed both so that the STBs received programming guides, etc. However, I am open to suggestions for simplification.
  • I have exactly the same setup and it has been working fine for 3 years. Here is what I did. The Verizon router is set to 192.168.1.1. The UTM WAN port which connects to the Verizon router is assigned a static IP 192.168.1.3. In the Verizon router, I have created a DMZ and added 192.168.1.3 to the DMZ. This way, the Verizon router passes all traffic to UTM. All the firewall functions are done within UTM. I have left DHCP enabled in the Verizon router. If you have a Verizon DVR, the DVR gets its IP from the Verizon router. The UTM LAN port which connects to the internal network is assigned the IP 192.168.100.1. The UTM acts as DNS resolver and DHCP server for the internal network. So in your network diagram, here is what I have done:

    Verizon FIOS router (192.168.1.1, DHCP ON) LAN port --> UTM WAN port (eth2, static IP 192.168.1.3, in DMZ, reserved in DHCP) --> UTM LAN port (eth1, 192.168.100.1) --> switch --> Wireless router LAN port (used as access point, 192.168.100.2). All subnet masks are 255.255.255.0.

    I have also turned on the firewall in the Verizon router at the recommended security level. Since all internet traffic is anyway passed on to UTM because of the DMZ, the router security settings will not have any impact on UTM. This will also ensure that your Verizon router cannot be compromised. I am sure you would have done it already, but please change the default password of the Verizon router.

    Of course, the choice of internal IP is totally up to you. The setup has one major problem. You will never be able to use certificate-based authentication because of double NAT. Also, if you want to use a service like DynDNS, it will have to be configured in the Verizon router or on a Windows PC in the internal network. It cannot be configured in UTM, as UTM will update DynDNS with the 192.168.1.3 IP address instead of your public IP.

    Just to clarify, I am not a network expert, just a DIY tech enthusiast.
  • Take a read of this DSLReports information. Personally I could care less about remote DVR access or Caller ID on my TVs, so I went with option #10. Verizon has no visibility into my network and I still get my TV service.
    www.dslreports.com/.../16077
  • I had seen the bridge configurations when I was researching how to connect the FIOS router. The MoCA WAN bridge needed something extra (if I remember correctly) and I also have a DVR, so I went with the same configuration which OP has.
    I think OP's problem is caused by the Verizon router and UTM being on the same IP range. The UTM LAN (internal network) must be on a different IP range than the UTM WAN port.
    Verizon does not have any visibility into my network, but they still have access to their router. Once I needed the router password reset and they did it remotely, without impacting anything.
  • That's the whole problem with FIOS: there are way too many ways to configure it to accomplish the same thing. To me security was a higher priority, so I have no Verizon equipment other than the ONT sitting in the garage.
  • I have a similar setup...

    Leave DHCP turned on on the Verizon router. The cable boxes need their addresses from there.

    The issue is the WAN and LAN interfaces on the UTM need to be on separate networks.

    So, what you could do is:

    1) Change the IP address of the UTM LAN to 192.168.2.1

    You will lose your connection to the UTM at this point.

    2) Change your IP address to 192.168.2.100

    3) Reconnect to the UTM (192.168.2.1)

    4) Turn on DHCP on the UTM

    Range is 192.168.2.100 to 192.168.2.200

    Subnet mask is 255.255.255.0

    DNS is 8.8.8.8 and 8.8.4.4 (These are Google's DNS servers)

    Default gateway is 192.168.2.1

    5) Save your settings, then turn your machine back to automatic for IP and DNS.
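The diagnosis running through the replies above (UTM WAN and LAN must be on different subnets, the DHCP pool must sit inside the LAN subnet and not overlap the UTM's own address, and a private WAN address means double NAT) can be checked before touching the boxes. The following is an added example written for this thread, not code from any poster or from Sophos; it uses Python's standard ipaddress module and assumes the UTM WAN address is 192.168.1.3 as in the DMZ reply.

```python
import ipaddress


def check_plan(wan_iface, lan_iface, dhcp_start, dhcp_end, static_hosts=()):
    """Validate a UTM-behind-FIOS addressing plan.

    wan_iface / lan_iface: 'address/prefix' strings for the UTM's eth2 and eth1.
    dhcp_start / dhcp_end: the pool the UTM would serve on the LAN side.
    static_hosts: LAN addresses (e.g. the access point) that must stay out of the pool.
    Returns a list of problem strings; an empty list means the plan is consistent.
    """
    problems = []
    wan = ipaddress.ip_interface(wan_iface)
    lan = ipaddress.ip_interface(lan_iface)
    start = ipaddress.ip_address(dhcp_start)
    end = ipaddress.ip_address(dhcp_end)

    # A router forwards between two *different* networks; if WAN and LAN
    # overlap, the UTM has two interfaces for the same destination and
    # clients behind it lose their path to the Internet.
    if wan.network.overlaps(lan.network):
        problems.append(f"WAN {wan.network} overlaps LAN {lan.network}")

    # The pool must lie inside the LAN subnet, in the right order, and must
    # never lease the UTM's own LAN address or a statically configured host.
    if start not in lan.network or end not in lan.network:
        problems.append(f"DHCP pool {start}-{end} is not inside LAN {lan.network}")
    elif start > end:
        problems.append("DHCP pool start is after its end")
    else:
        reserved = [("UTM LAN", lan.ip)]
        reserved += [("static host", ipaddress.ip_address(h)) for h in static_hosts]
        for name, addr in reserved:
            if int(start) <= int(addr) <= int(end):
                problems.append(f"DHCP pool would lease {name} address {addr}")
    return problems


def is_double_nat(wan_iface):
    """True when the UTM's WAN address is itself private (RFC 1918 etc.),
    i.e. another NAT device such as the FIOS router sits in front of it."""
    return ipaddress.ip_interface(wan_iface).ip.is_private


if __name__ == "__main__":
    # OP's original plan (constructed from the first post): everything in 192.168.1.0/24.
    print(check_plan("192.168.1.3/24", "192.168.1.2/24", "192.168.1.10", "192.168.1.99", ("192.168.1.3",)))
    # Plan from the last reply: LAN moved to 192.168.2.0/24 with a .100-.200 pool.
    print(check_plan("192.168.1.3/24", "192.168.2.1/24", "192.168.2.100", "192.168.2.200"))
    print(is_double_nat("192.168.1.3/24"))
```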