Sophos UTM and UniFi

Hi all,

I'm considering installing Sophos UTM at my business. I currently have a UniFi setup: Fibre Modem --> UniFi USG --> UniFi Switch --> UniFi APs.

I have a few questions about the install. Firstly, do I install the UTM in between the fibre modem and the USG, or between the USG and switch? The main reason for using Sophos UTM is to fill in the gaps that the UniFi USG can't do, mainly keeping a record of MAC addresses and websites visited, and web filtering. My plan was to use it in transparent mode. I understand the issue with using it to record HTTPS, as I will need to install a custom cert, which is fine, or live with the HTTPS cert errors.

Also, I have 4 VLANs set up, so if I was to put the UTM in between the USG and switch, will the UTM pass all the VLANs, i.e. trunking?

My other idea was to use the UTM as a VPN server; currently the UniFi one is very buggy. So ideally the UTM will need to be installed between the fibre modem and the USG. If so, does the UTM support PPPoE?

And finally, to test the system I will be using an old Intel i3 3220 and a 4-port Intel NIC. Will this be OK for web filtering/reporting and VPN? Not too concerned about AV and IPS; maybe I can look at this another time. My line connection is currently 100/20 with the option to upgrade to 300/30.

Sorry for all the questions 



This thread was automatically locked due to age.
  • Hello Peter

    Not sure if you still want to do this, but I managed to get this setup running.

    Before you start, back up your UniFi configuration!!!!

    Step 1: Edit all port forwarding rules to the XG Firewall; create a new rule to forward UniFi ports to the XG Firewall.

    https://help.ubnt.com/hc/en-us/articles/218506997-UniFi-Ports-Used

    Step 2: Connect the XG Firewall to the LAN and to the router using a crossover cable.

    Step 3: From your computer, log in to the XG Firewall via web browser and configure bridge mode. The IP address has to be on the same subnet as your LAN. Once this is done, users should start browsing the internet as normal.

    Step 4: Configure the XG as a DHCP relay, and create a network rule that allows all traffic between the UniFi gateway IP address and the Controller PC IP address. After this you should be able to see the gateway on the controller.

    Step 5: Recreate your port mapping rules to forward from the XG Firewall to the server.

    Hope this helps
