Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 14 replies
  • Answers 1 answer
  • Subscribers 5 subscribers
  • Views 18882 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

setting up two UTM instances to overcome license.

DavisDarvish
i was wondering if anyone has sucessfully deployed two sophos UTM instances in virtual machines w/ the free 50 ip license in order to overcome going over license limit. If so how did you design your network topology? also is there anyway to put certain IP addresses out of the scope of the UTM such that they don't count towards the license? i would only require simple routing to those ips not content filtering or anything else..


This thread was automatically locked due to age.
Parents
  • 0
    From a legal standpoint, you can't do that.  Only one live instance with a single license.  There's two things you can do to reduce the license IP count:

    1)  Any devices that don't need internet access, network printers being a good example, remove the default gateway address from their settings.

    2)  Run devices through another router behind the UTM NATed.  For example if you use a wireless router.  The wireless routers WAN address will be within the scope of the subnet on the UTM internal interface, while the wireless devices will be NATed on a different subnet.  The only IP address the UTM will count is the external address of the wireless router.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • 0 in reply to Scott_Klassen

    RE: #2, if you setup another router (route #2) behind UTM (route #1), how do you enable devices to communicate with one another? For example. My Sophos UTM (Router #1) settings are shown below.  What should be the Subnet and Gateway values in Router #2 to ensure devices to connect to one another without adding to the Sophos UTM IP count?

    Router 1

    LAN IP 192.168.0.1

    Subnet 255.255.255.0

    Gateway 192.168.0.1

    DHCP Range 192.168.0.10-40

  • 0 in reply to JasonMiles

    Say the subnet behind your wireless router is 192.168.2.0/24 and the wireless router has 192.168.0.254 in your UTM's internal network, you will want a Static Gateway route in the UTM like '192.168.2.0/24 -> 192.168.0.254'.

    Is that what you were looking for?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    BAlfson said:

    Say the subnet behind your wireless router is 192.168.2.0/24 and the wireless router has 192.168.0.254 in your UTM's internal network, you will want a Static Gateway route in the UTM like '192.168.1.0/24 -> 192.168.0.254'.

    Is that what you were looking for?

    Cheers - Bob

    Thanks Bob for your guidance.  Just double-checking. Would the static gateway route be:

    192.168.1.0/24 -> 192.168.0.254 OR 192.168.0.1/24 -> 192.168.0.254?

  • 0 in reply to JasonMiles

    Can't quite get this to work.  The details:

    Sophos UTM 192.168.0.1 (/24)

    NM 255.255.255.0

    GW 192.168.0.1

    DHCP 192.168.0.10-40

     

    Wireless router

    LAN IP 192.168.0.90

    Subnet behind router 192.168.2.0/24

    NM 255.255.255.0

    GW 192.168.0.1

     

    Under Sophos UTM > Interfaces & Routing > Interfaces > Static Routing

    I've created a New Static Route as Gateway Route.

    Network: Internal (Network) (aka 192.168.0/24)

    Gateway: 192.168.0.90 (the LAN IP of Wireless Router)

Reply
  • 0 in reply to JasonMiles

    Can't quite get this to work.  The details:

    Sophos UTM 192.168.0.1 (/24)

    NM 255.255.255.0

    GW 192.168.0.1

    DHCP 192.168.0.10-40

     

    Wireless router

    LAN IP 192.168.0.90

    Subnet behind router 192.168.2.0/24

    NM 255.255.255.0

    GW 192.168.0.1

     

    Under Sophos UTM > Interfaces & Routing > Interfaces > Static Routing

    I've created a New Static Route as Gateway Route.

    Network: Internal (Network) (aka 192.168.0/24)

    Gateway: 192.168.0.90 (the LAN IP of Wireless Router)

Children
No Data
Unfiltered HTML