
Passthrough of WAN address to ethernet port (SG310) possible?

Hello. I have a requirement where I need to set up another device on one of the IP addresses issued by my ISP. Currently my connection comes in via fiber and is terminated at the SG310. I can terminate it at a switch and pass ethernet off to the two devices, but figured I'd ask here if it's possible (I opened a support ticket and the guy that I spoke with questioned why I needed to do that and tried to tell me that I didn't need to do it... never answered my question).

So, basically, I have a /29 address range, and I want to pass one address off to the other device. I was wondering if it's possible to create a bridge or a passthrough to one of the unused ethernet ports and have that traffic be unfiltered. I don't want to do a NAT.



  • Please disregard this.  Because of time constraints, I just came in at midnight last night and swapped the fiber over to a switch and can now connect as many devices as I need to it.  Thanks for looking.

  • Hi, Russ, and welcome to the UTM Community!

    In addition to the switch solution, there are some other possibilities, but you should get someone with experience configuring using WebAdmin.  Check with Sophos sales if your reseller doesn't have that competence.

    Other ideas, depending on the device...

    • Put an Additional Address on the External Interface, a private address on the device, place it behind the UTM and do one of the following:
      • Use a DNAT to send traffic to the device.
      • In Webserver Protection, create a Virtual Server on the Additional Address and a Real Server using the IP of the device.
    • Add a Public DMZ Interface with one of your remaining public IPs that won't be in use on the device and make a firewall rule allowing traffic to it.  You will want to use a /32 subnet on both the External and Public DMZ Interfaces so that you don't cause WebAdmin to create conflicting routes.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Bob,

    Thanks for the reply.  The reply that I got directly from Sophos support was that it can't be done without just doing a DNAT.  The reason why I wanted to do a straight passthrough is because the device reports its IP address to the server, then it uses that IP address to configure it.

    Oh well.. it's working now.

  • Understood, Russ. The transfer net approach with the third suggestion I made also requires your ISP to route the other IPs via the primary IP on your External Interface.  That was what the Sophos tech should have had you do.  If you'll PM me the ticket number, I'll see that they get him/her more training.

    Cheers - Bob

     