
UTM network service architecture documentation

Can somebody please point me to documentation of the UTM network service architecture? What I am looking for is a description of the interaction of the UTM appliance, the Endpoint agents and the internet services provided by Sophos (e.g. broker), especially considering name resolution and IP addressing.

How does an endpoint agent know how it can connect to a UTM on the internal network (private zone and IP addresses) if the UTM is not acting as a default gateway?

How does the name resolution and connection to the UTM work if the endpoint agent moves to a public network? Is a split DNS setup required?

Does the name resolution involve a broker service from Sophos? How robust are these mechanisms against changes of the domain names?

Thanks a lot!

Martin



  • Martin, I don't know of any such document - if you do find one in the KnowledgeBase, please note that here.

    I know that the following technique is used in configuring RED appliances.  From observation, I believe that all endpoints communicate with the UTM by reporting to the cloud which then informs the UTM.  I can't tell if the UTM transparently captures the traffic from internal devices.

    I'm not sure to what your last two questions refer, but maybe they don't make any difference in light of my explanation.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • The reason I am asking is that there is an internet firewall in front of the UTM in my setup and I wanted to avoid having to reverse engineer the filter rules needed on the outer firewall. It seems that the default (factory set) network protection rules on the UTM are hidden from the GUI, so I probably have to extract them directly from the OS if there is no documentation.

    Also I am trying to understand the name resolution, as we have an upcoming redesign of our network that will involve new IP address ranges and probably also domain names. If the endpoints and the UTM both communicate with some Sophos web/broker services and the address resolution and mapping happens within these services, I probably do not have to worry about changes in my network; if there are any hard-coded configurations in the endpoints, things may break.

    My approach here is to understand how things work first instead of ending up in hours of trial and error activities.


    Cheers - Martin

  • Very helpful links, thanks a lot!