Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 2 answers
  • Subscribers 4 subscribers
  • Views 5258 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Static Routing

dangerzone

Trying to connect another network to Sophos UTM.

 

Sophos UTM is running DHCP Server 192.168.1.100 giving IP from 192.168.1.101 - 192.168.1.254.

I have a router that's connected to Sophos UTM with IP of 192.168.1.142 that's running its own DHCP server of 192.168.2.1.

Clients in the router's network can connect to clients in Sophos UTM, however, clients in Sophos UTM network can't connect to clients in the router's network.

After searching through the forum, I have a static route configured as follow, Gateway Route -> Network (192.168.2.0/24) -> Gateway(192.168.1.142). But its still not working, am I missing something?

 

Firewall setting is as follows, Internal -> any -> any

NAT Masquerading setting is as follows, Internal -> Uplink Interfaces.

No NAT rule.



This thread was automatically locked due to age.
Parents
  • 0

    You have your router's IP inside the UTM's DHCP-scope, that's not good. It's better to have the router outside of the DHCP-scope to prevent IP-address conflicts.

    The static route is correct, however you most likely will also need a firewall rule for the return traffic:

    192.168.2.0 => Internal   any (of specify the services you really need) => Allow.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • 0 in reply to dangerzone

    Then it's most likely something in the other router that prevents "outside" traffic to enter inside.

    If this is just an ordinary router most people use at home then it is by design that it is natting inside traffic to the outside, so it will most likely NAT 192.168.2.0/24 to 192.168.1.0/24 and by default it will block all outside (192.168.1.0) traffic.

    Maybe you can set this router up to really route between the 2 subnet's otherwise you'll need to create either a DMZ-host, Port-forwarding or other NAT rules inside this router to allow the traffic from 192.168.1.0 to 192.168.2.0.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

Reply
  • 0 in reply to dangerzone

    Then it's most likely something in the other router that prevents "outside" traffic to enter inside.

    If this is just an ordinary router most people use at home then it is by design that it is natting inside traffic to the outside, so it will most likely NAT 192.168.2.0/24 to 192.168.1.0/24 and by default it will block all outside (192.168.1.0) traffic.

    Maybe you can set this router up to really route between the 2 subnet's otherwise you'll need to create either a DMZ-host, Port-forwarding or other NAT rules inside this router to allow the traffic from 192.168.1.0 to 192.168.2.0.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

Children
No Data
Unfiltered HTML