Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 6 subscribers
  • Views 12067 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Configuration assistance for placing UTM between existing firewall and isp router

RaviManian

LAN---->Existing Firewall--->UTM LAN Interface---->UTM WAN Interface--->ISP Router--->Internet

Hi folks i need assistance regarding placing a new UTM in between the existing firewall and ISP router

2 issues i am facing currently is gateway ip address and unable to reach www

On my lan the default gateway is the UTM Lan interface ip address. With this setup i am unable to reach the internet

Since i am doing this setup on a VM, when i try from scratch and give the UTM LAN gateway the ip address of the existing firewall interface ip address , and when i try to give my UTM wan interface gateway as the ISP router, i get an message telling i cant have multiple gateways enabled and uplink balancing will be enabled.

When i remove the UTM lan gateway then i lose access to the webadmin and UTM access.

Ok if i remove the UTM WAN interface gateway (which is the ISP router) then how will the packets reach the internet and how will i receive packets to the lan from the internet



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to RaviManian

    Did you configure NAT masquerading on your existing firewall, if so than UTM see only Firewall WAN IP adresses from all requests from LAN clients.

    You can check this with tcpdump command from CLI or from looking at live firewall logs from GUI.

  • 0 in reply to vilic

    I have done only PAT on the existing firewall. Masquerading is done on the UTM only. 

    10.x.x.x.56633: Flags [P.], seq 9839440:98 39616, ack 38881, win 260, length 176 is the o/p from LAN n/w

    For the WAN n/w it says listening. 

  • 0 in reply to RaviManian

    Hi, are in, and welcome to the UTM Community!

    I get an image of you fighting this new device, thinking it is just a dumb firewall.  WebAdmin manipulates databases of configuration objects. The configuration daemon  then consults these to write the actual lines of code that are used to run the device. A single change in one place might cause 1000 lines to be rewritten across multiple applications.

    You might get some help from #3.1 in

    When you say you can't reach the Internet, what are you doing and what do you see?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML