Real beginner here so need help. UTM was set up originally by somebody else who gave no instructions at all. I am feeling my way, hence this post.
I wish to change the subnet on the management interface eth0 from 192.168.0.1/24, what I assume is the default. I have not yet connected anything to that interface and started to edit it but found that this would disconnect me from the DHCP server and I assume DNS. I have other ports being used on other subnets and thought that because I had nothing plugged into port 0 I could change it without compunction but it appears that this network is being used and indeed is the system management subnet.
It is clear I need some guidance here with the basics of how I can change this subnet without disconnecting everything and not being able to get back into the system.
I see that when I log in to the device I am using https://192.168.0.1:4444/ which I was told to use and makes sense now, so how may I change the management interface without making a real mess?
I have no information on the router configuration which lies above the UTM but can seek this information if needed.
Grateful for some help here please.
Thank you for the follow-up.
So your Management interface and Management Vlan are in the same subnet, which will cause issues.
I would recommend you change either of these subnets so they don't overlap.
Maybe try 192.168.2.0/24 for the Management VLAN.
Hi and many thanks for the reply but you have left me very perplexed. I have used the UTM port 0 to connect to my management with DHCP provided by the UTM and the subnet which has all the relevant devices set with static addresses on that subnet and on the management VLAN. If I use a different subnet for managing my devices how may I arrange DHCP for the management subnet?
Is there a guide for the correct way to set up the management subnet please?
Hi and many thanks for your earlier replies. I feel I have run into a wall here and this thread has dried up.
You have told me earlier how to change my management subnet on the UTM but now you have advised against using the same subnet for my other devices. Please could you tell me how I should reconcile this apparent conflict. All the other ports on my UTM are being used by other subnets.
Should I start a new thread?
Sorry, I forgot to answer.
The change I mentioned is because you shouldn't have an interface and a VLAN with the same subnet; routing will not work properly this way.
If you really want to have a Management VLAN then this subnet has to be different than the interface subnet.
If you don't want to change any subnet for your management VLAN, then you could configure the UTM to only allow access to certain computers, instead of changing your management subnet.
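An added example, not part of any post in this thread: a Python check for the overlap described in the reply above, run before changing an interface so the new subnet is known to be free. The eth0 address and the 192.168.2.0/24 suggestion come from the thread; the interface names, the VLAN address and the LAN entry are made up for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed inventory. eth0 is the address given in the thread; the VLAN
# entry assumes the "same subnet" case described; eth1 is invented.
INTERFACES = {
    "eth0 (management)": "192.168.0.1/24",
    "eth0.10 (management VLAN)": "192.168.0.254/24",
    "eth1 (LAN)": "192.168.1.1/24",
}


def networks(interfaces):
    """Map each interface name to the connected network it implies."""
    return {name: ipaddress.ip_interface(cidr).network
            for name, cidr in interfaces.items()}


def find_overlaps(interfaces):
    """Return every pair of interfaces whose connected networks overlap."""
    nets = networks(interfaces)
    return [(a, b)
            for (a, net_a), (b, net_b) in combinations(nets.items(), 2)
            if net_a.overlaps(net_b)]


def candidate_is_free(interfaces, candidate):
    """True if the proposed subnet overlaps none of the existing ones."""
    cand = ipaddress.ip_network(candidate)
    return not any(cand.overlaps(net) for net in networks(interfaces).values())


def egress_candidates(interfaces, dest):
    """Interfaces that could deliver to dest by longest-prefix match.

    More than one name means the choice between connected routes is
    ambiguous, which is the routing problem with overlapping subnets.
    """
    addr = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, name)
               for name, net in networks(interfaces).items() if addr in net]
    if not matches:
        return []
    best = max(prefix for prefix, _ in matches)
    return sorted(name for prefix, name in matches if prefix == best)


if __name__ == "__main__":
    print("overlaps:", find_overlaps(INTERFACES))
    print("192.168.2.0/24 free:", candidate_is_free(INTERFACES, "192.168.2.0/24"))
    print("routes to 192.168.0.50:", egress_candidates(INTERFACES, "192.168.0.50"))
```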
Hi Emmanuel, many thanks for the reply and for explaining the problem, even if I don't know enough to understand why! So if the requirement is to keep the UTM management subnet and the management subnet which I need to manage all my fixed devices, I think it would be much easier for me to change the UTM subnet than re-visit all the fixed devices. Is this a good idea or should I change my private management subnet?
I am not expert in these matters so please forgive my questions if they appear dumb but what is best way to set up my private management subnet? I have no spare UTM ports available to provide DNS and DHCP services so does that mean I must set up my own servers or can I work with only static addresses?
Many thanks for your help once more.
I see you have a Management Subnet and a Management VLAN.
I might be confused, I thought you had different devices in the Management VLAN and the Management Interface in the UTM, if that is not the case, you could change the IP of the interface in the UTM and leave the Management Vlan subnet and you should be fine.
OK so I can change the IP of the interface of the UTM but that means all my devices are on static IPs on their own subnet and there will be no DHCP on the management subnet. Is that OK and will I be able to access all the fixed devices other than the UTM? What if I wanted to add a new device using DHCP?
You should be able to access all of your fixed devices, you could create a DHCP in the UTM on the management VLAN.
I feel I am going round in circles because putting the fixed devices on a subnet which gets its DHCP from the UTM management port is what I had initially except that I didn't have any VLANs created on the UTM as all the VLANs are created on the managed switch. As you can tell I am no longer sure what I am doing here. I have no idea how I can create a second subnet out of the management port of the UTM let alone set up a VLAN on the UTM with DHCP.
What I have now is a subnet which has a bunch of fixed devices all with their management IPs set as static IPs on the same subnet. This subnet is the subnet which is created on the UTM and has DNS and DHCP set up on it. When in use I plug the management port of the managed switch into Port 0 of the UTM, for example when installing a new device or changing the SSID details on an AP etc. Once completed I unplug the UTM on the understanding that this will improve security.
If as I understand from your earlier post that there could be issues with this approach and that the management of the UTM should be on a different subnet then I need more detailed advice on how I should proceed please.
Might be better if you could provide a network diagram of your current configuration, so maybe seeing your network would help me understand a bit more your current setup.