
Dual (two) transparent bridges and default gateway quick question.

Hello dear friends,

I am setting up a Sophos Home UTM with quite a powerful Dell OptiPlex 990 machine (core i7, 8GB RAM) with an Intel quad gigabit card to work as a transparent bridge. It is a project for my home lab but with 2 VLANs separated with no access to each other, as I give internet to my brother's family living on the top floor.

The VDSL modem router is Draytek2860 (dual wan) which does the DHCP and is configured with port-based VLAN. Port1 of router is vlan 192.168.10.1/24 and configured to use only wan/adsl1, and port2 is 192.168.168.1/24 and uses only wan/adsl2 of the router.

I have already created one bridge with eth1 and eth2 and gave it static IP 192.168.10.254/24 and default gateway 192.168.10.1. eth1 goes to the router port (port1) and eth2 goes to the switch.

Everything is working fine, web filtering and IPS is just perfect.

I would like to create another bridge for the other vlan with eth3 and eth4. I will give static IP 192.168.168.254/24 but it does not allow me to set default gateway which I want to be the 192.168.168.1. It says there can be no multiple default gateways.

Am I missing something here? Isn't there supposed to be a default gateway when configuring transparent bridges? If I don't set default gateways on either bridge will it work the way I want (meaning will Sophos understand on its own where the different gateway for each bridge is?)

Thanks in advance and regards from Greece

  • Geia sou, Fotis, and welcome to the UTM Community!

    To have more than one default gateway, you configure Uplink Balancing.

    The usual way to configure the UTM is with the router bridged in front of it so that the UTM can have a public IP on an External interface.  Bridging UTM interfaces limits several options.  I'm not familiar with the Draytek, so I don't know if this approach can work for you.

    VLAN 1 is reserved for Wireless Protection in the UTM, so you will need to choose a different tag if you're using 1 at present.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Geia sou Bob and thanks for the reply.

    For VoIP reasons we can't get rid of the Draytek as modem router so that's why I am configuring Sophos as a transparent bridge.

    So it is my understanding that UTM actually allows you to set two default gateways but gives a warning that Uplink Balancing will be enabled.

    So I think the next step is to configure static routing to force bridge1 (eth1 & eth2) to use gateway 192.168.10.1 and bridge2 (eth3 & eth4) to use gateway 192.168.168.1, is this right?

    Thanks again

  • If you are planning on running eth3 & eth4 as a bridge then you should not need a default gateway assigned.  I have a similar setup (using VLAN tagging, not port-based VLANs, however) and, since the UTM is running as a bridge, it should only need a default gateway for its own internal Internet communication purposes. 

    Host devices don't need to know or be assigned the IP address of the UTM as their gateway.  By definition, you are putting the device between the network and the VDSL and, as such, when devices send traffic to their default gateway, the UTM will process it first before sending it to the default gateway.

  • Thank you very much for your reply. It makes sense now.

    BUT when I initially set up the first bridge with eth1 & eth2 I didn't set a default gateway and users trying to surf the web got this Sophos error page saying "host not found" (although users got proper DHCP and gateway & DNS on their PCs' LAN cards).

    So in other words, Sophos UTM needs at least one default gateway set up when configuring one or more transparent bridges?

  • It has to have at least one.  Otherwise, it won't be able to communicate out to the Internet to do content filter lookups to verify that websites are safe to browse as well as installing AV definitions and other signatures for security features.  It's less about the transparent bridge and more about it needing Internet access so it can provide the UTM features you are using it for.

  • If you do use uplink balancing, instead of static routes, create two Multipath rules, each bound to an interface, to guide the traffic.  In each rule, under Advanced, you can choose whether Internet traffic is allowed to fail over to the other WAN connection.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
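Added example, not from the thread and not Sophos UTM's own configuration (which is done in WebAdmin): a plain Linux model of the setup discussed above, with two transparent bridges, one upstream gateway each, one ordinary default route for the box itself, and no IP forwarding between the two tenant networks, using source-based policy routing in place of the UTM's static routes or Multipath rules. Bridge names br0/br1, ports eth1..eth4 and routing tables 10/20 are assumptions; the addresses are the ones from the thread.

```shell
#!/bin/sh
# Added example, not Sophos UTM's own configuration (that is done in WebAdmin).
# Two transparent bridges, each with its own management IP and its own upstream
# gateway, and no IP forwarding between the two tenant networks.
# br0/br1, eth1..eth4 and tables 10/20 are assumptions; addresses are the thread's.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them (root needed).

DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# make_bridge NAME PORT_A PORT_B ADDR/PREFIX: two-port bridge with a management IP.
make_bridge() {
    br="$1"; a="$2"; b="$3"; addr="$4"
    run ip link add name "$br" type bridge
    run ip link set "$a" master "$br"
    run ip link set "$b" master "$br"
    run ip addr add "$addr" dev "$br"
    run ip link set "$br" up
}

# policy_route BRIDGE SRC_IP GATEWAY TABLE: source-based routing, so packets the
# box itself sends from SRC_IP leave via GATEWAY. Each bridge gets "its own
# default gateway" without two default routes fighting in the main table.
policy_route() {
    br="$1"; src="$2"; gw="$3"; table="$4"
    run ip route add default via "$gw" dev "$br" table "$table"
    run ip rule add from "$src" lookup "$table"
}

# isolate: the box bridges frames inside each VLAN at layer 2 only; with
# forwarding off it never routes 192.168.10.0/24 <-> 192.168.168.0/24.
isolate() {
    run sysctl -w net.ipv4.ip_forward=0
}

make_bridge br0 eth1 eth2 192.168.10.254/24
make_bridge br1 eth3 eth4 192.168.168.254/24
# One ordinary default route is still required for the box's own traffic
# (signature updates, web-filter lookups), as the thread notes.
run ip route add default via 192.168.10.1 dev br0
policy_route br0 192.168.10.254 192.168.10.1 10
policy_route br1 192.168.168.254 192.168.168.1 20
isolate
```

Run it as-is to review the generated `ip`/`sysctl` commands; only set DRY_RUN=0 on a lab box whose interface names match.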