Sophos UTM: Decommissioning of obsolete URL categorization services CFFS.Click here for important info.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 4 subscribers
  • Views 1139 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos sg105 UTM 9 - VLAN setup

Steffen Ravn

Hello,

I am going to rent an office space to an external company. I have to separate the network so that the tenant does not reach our internal resources.

can i set up vlan to separate? if so, how is this done?



This thread was automatically locked due to age.
Parents
  • 0

    Think of the vlan as a separate  layer 2 network segment, coexisting with other segments on the same cable.  As such you would have to define/allow services you want it to have, same as for an interface.

    Appears the sg105 has 4 ports on the back. You would define one of the unused ports for your tenant. You don't necessarily have to use vlan. Vlans are used when you want to segregate an in use interface. Doing so eliminates the complication of having to use a managed switch for traffic on that interface.

    You then define services (nat, firewall, etc) you want them to have access to.  Unless you explicitly define firewall rules between interfaces (or vlans), traffic from one cannot cross to another. Of course, the new interface would be on an unused subnet as well.

  • 0 in reply to Jay Jay

    Okay thanks,

    Maybe I can use DMZ?

  • 0 in reply to Steffen Ravn

    I don't know why they labels them as such. I suppose to make it easier, but also adds to confusion. I believe all the interfaces are identical, so you should be able to assign any unused one. Obviously it won't be used for "dmz" purposes. 

    Make sure to test if you can access any of your existing network from the interface after setting it up. There may be unforeseen rules already in place that may allow traffic.

Reply
  • 0 in reply to Steffen Ravn

    I don't know why they labels them as such. I suppose to make it easier, but also adds to confusion. I believe all the interfaces are identical, so you should be able to assign any unused one. Obviously it won't be used for "dmz" purposes. 

    Make sure to test if you can access any of your existing network from the interface after setting it up. There may be unforeseen rules already in place that may allow traffic.

Children
No Data
Unfiltered HTML