This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Setup advice wanted...

 Hi there.

 

I just installed Sophos UTM v9 on a BIS-7870 Network security computer, and it is up and running, runs like a charm, just connected to my LAN as an IP device.

Now I'm not sure how to put the unit into my Network.

 

I have a high speed (500 mbps symmetric) Fiber connection (via XS4ALL ISP), and currently I have a Draytek Vigor 2960 as my router, which I use for VPN.

Should I put the Sophos UTM unit before the Draytek, or behind the Draytek?

 

Would be great to hear from you guys..

 

Best

 

Robbert

Soesterberg, NL



This thread was automatically locked due to age.
Parents
  • Robbert, in general, the recommended solution would be to put your current router in bridge mode and put the UTM behind it where it can lease a public IP from your ISP.

    If the Draytek is a wireless router and you want to use it as a wireless access point, the recommended solution is to disable its routing and DHCP functions and put it behind the UTM to become a wireless switch.

    If you want to use Anti-Virus for Web Filtering, you will need a more powerful processor to keep up with a half gigabit connection.  If you want to use Snort (Intrusion Protection), you will need an even much more powerful processor - at least a 3.5GHz CPU with as many cores as there are people simultaneously accessing the Internet from behind it.  If there are more than two, you probably also will need more RAM.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob.

     

    Took me (more then) a while to respond, busy here..

     

    Actually, the are only 2 peeps in the house (my wife and yours truly) so does your advice about hardware (3.5 GHz CPU and as many cores as there are people) makes my current hardware still underrated??

    I'm also looking at the new NUC from intel (i7). Will that suffice for my household of 2 persons?

     

     

    Thanks for your kind help in this, appreciated!

     

    Robbert

  • If you don't have any servers internally, Robbert, you don't need to let any unrequested traffic in with a DNAT.  In that case, you probably can get by with disabling Snort and Application Visibility, and thus likely be OK with your existing setup.  You might want to post your results in the "Unofficial" list at the top of this forum.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • If you don't have any servers internally, Robbert, you don't need to let any unrequested traffic in with a DNAT.  In that case, you probably can get by with disabling Snort and Application Visibility, and thus likely be OK with your existing setup.  You might want to post your results in the "Unofficial" list at the top of this forum.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data