
I am unable to get internet traffic through the UTM.

I have UTM Home v9.3551 virtualized on VMWare Workstation 10 on Essentials 2012 R2. I have a 4 port gigabit Intel nic configured as internal and external interfaces for the UTM. As my instance of the UTM is virtualized I have left my FVS318Gv2 Netgear VPN Firewall in place.

Current Configuration:

The external interface is connected to the vpn firewall with the internal interface connected to a 16 port web managed switch. The internal interface is on a different subnet than the internal interface.

Can the UTM work in this configuration?

Other configurations I have tried:

Internal interface plugged into the modem (partial bridge mode; static IP w/RIP on the ISP side) with the static IP information entered and the internal interface plugged into the switch.

In neither configuration have I successfully gotten internet traffic through the UTM.



  • Ryan Miller said:

    ....The internal interface is on a different subnet than the internal interface.

    Can you please explain this sentence a little bit. A network diagram would be also useful.

  • You are misconfigured:

    In your scenario the Netgear has to be treated like it is the WAN device, not a router, as far as what the UTM sees.

    1. external is fine

    2. disconnect the netgear from the switch.

    3. What is the third connection for?

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • 3. All other server traffic (non-vm)

    I had disconnected the router from the switch but nothing changed.

    If you look at my OP I explain my current setup which is what the diagram is for.

    I can make additional diagrams for the other configurations I have tried.

  • William Warren said:

    You are misconfigured:

    In your scenario the Netgear has to be treated like it is the WAN device, not a router, as far as what the UTM sees.

    1. external is fine

    2. disconnect the netgear from the switch.

    3. What is the third connection for?

    Then you have something misconfigured either inside the UTM OR the VMware switch. I do not know VMware well, so it is going to be up to somebody who knows VMware well...


  • I suspect the VM also. I have vmnet2 and vmnet3 configured as bridged with the corresponding internal and external interface selected from my Intel quad port gigabit NIC.

    Both virtual interface IP's are static but the physical interface is DHCP. My lingering question is - how is the physical interface supposed to be configured?

  • It appears that you have two NICs connected to the same Ethernet segment. What were you trying to accomplish with that? Is there a reason why you don't replace the Netgear with your UTM?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
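The two failure modes raised in this thread, a firewall whose internal and external NICs end up on one Ethernet segment and a chain of two NAT devices in series, are easy to misread from a prose description. The following is an added example, not code from the original post, Sophos or VMware: a small topology checker over a constructed UTM-behind-Netgear layout. All addresses are hypothetical placeholders, and each hop is modelled as (device, inside interface, outside interface, performs NAT).

```python
from ipaddress import IPv4Interface

# Constructed example topologies. Addresses are hypothetical placeholders
# chosen for illustration, not the poster's real configuration.
# Each hop: (device, inside interface, outside interface, performs NAT)
DOUBLE_NAT_CHAIN = [
    ("UTM",     IPv4Interface("192.168.50.1/24"), IPv4Interface("192.168.1.2/24"),   True),
    ("Netgear", IPv4Interface("192.168.1.1/24"),  IPv4Interface("203.0.113.10/29"), True),
]

# Misconfiguration: the UTM's internal and external interfaces share a subnet,
# i.e. both NICs sit on the same Ethernet segment.
SAME_SEGMENT_CHAIN = [
    ("UTM",     IPv4Interface("192.168.1.2/24"), IPv4Interface("192.168.1.3/24"),   True),
    ("Netgear", IPv4Interface("192.168.1.1/24"), IPv4Interface("203.0.113.10/29"), True),
]

# Miswired: the UTM's external side is not on the Netgear's LAN at all.
BROKEN_LINK_CHAIN = [
    ("UTM",     IPv4Interface("192.168.50.1/24"), IPv4Interface("10.0.0.2/24"),     True),
    ("Netgear", IPv4Interface("192.168.1.1/24"),  IPv4Interface("203.0.113.10/29"), True),
]


def nat_hops(chain):
    """Number of address translations a client packet crosses on the way out."""
    return sum(1 for _, _, _, nats in chain if nats)


def overlapping_segments(chain):
    """Devices whose inside and outside interfaces lie in overlapping subnets.

    A router or firewall with both sides on one segment cannot make a sane
    routing decision; this is the 'two NICs on the same segment' case."""
    return [name for name, inside, outside, _ in chain
            if inside.network.overlaps(outside.network)]


def link_breaks(chain):
    """Pairs (upstream, downstream) where the upstream device's outside
    interface is not on the downstream device's inside network, so the
    next hop is unreachable at layer 3."""
    breaks = []
    for (name_a, _, out_a, _), (name_b, in_b, _, _) in zip(chain, chain[1:]):
        if out_a.ip not in in_b.network:
            breaks.append((name_a, name_b))
    return breaks


def findings(chain):
    """Human-readable list of problems for a chain; empty means clean."""
    out = []
    for dev in overlapping_segments(chain):
        out.append(f"{dev}: internal and external interfaces share a subnet")
    for a, b in link_breaks(chain):
        out.append(f"{a} external interface is not on {b}'s LAN")
    if nat_hops(chain) > 1:
        out.append(f"{nat_hops(chain)} NAT hops in series (double NAT)")
    return out


if __name__ == "__main__":
    for label, chain in [("double NAT", DOUBLE_NAT_CHAIN),
                         ("same segment", SAME_SEGMENT_CHAIN),
                         ("broken link", BROKEN_LINK_CHAIN)]:
        print(label, findings(chain) or ["ok"])
```

The double-NAT layout passes the segment and link checks and is flagged only for the second translation; the same-segment and broken-link variants each fail one of the structural checks before NAT is even considered, which is the order in which a practitioner would troubleshoot them.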
  • I do not want to replace the Netgear with the UTM virtualized in VMware because of the security risks with VMware. I plan on reinstalling the UTM on standalone hardware and removing the Netgear.

    Perhaps I am misunderstanding your use of segment but the internal port is plugged into a 16 port switch and the external port is plugged into the firewall (albeit it is also a switch but is physically and logically separate)

  • What security risks? The UTM itself is not perfect. I run Hyper-V with UTM virtualized with it on the front lines. VMware is not a huge risk if you have it properly configured and you keep it updated (like any other software). Double-NATing like this only causes other headaches (like you are experiencing now).


  • I'm using Workstation 10 and security is an issue because it is not regularly updated.

    I would love to use Hyper-V but I'm running Essentials 2012 R2 and it is only licensed for an instance of Essentials 2012 R2. I have considered upgrading to Standard but I will lose the media server functionality, so standalone hardware it is. I already have a case, PSU, and RAM, so the only items I need to purchase are a mobo and CPU.


    I kept bringing up double NATing as a potential issue in Spiceworks for WAN connectivity and throughput but most people downplayed the potential or ignored it. I did plug into my modem with the external interface configured with my static IP but I still couldn't get any data through from a client. I was successful in doing a traceroute and ping through the external interface.

  • Regardless of licensing I'm giving Hyper-V a go and so far so good. There were some irregularities when it came to updating the UTM software on Workstation 10 that have not happened with Hyper-V.

  • Switching to Hyper-V did the trick! I have the UTM running DHCP and clients have connectivity after releasing and renewing the NIC IP. I am still going through the Netgear for my external interface, so I will conduct further testing to see what double NATing will break, and I have removed the connection between the router and switch so everything runs through my server.