Management, Networking, Logging and Reporting AWS Sophos UTM9. Many subnets handling

UTM Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 1 reply
Subscribers 4 subscribers
Views 1849 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AWS Sophos UTM9. Many subnets handling

NikolaySrebniuk over 8 years ago

Hi Sophos,

we want setup Sophos UTM9 in AWS and want to know how many subnets Sophos UTM9 can manage.

As per information from AWS maximum 8 ENI interfaces can be attached to Sophos appliance. So we can manage 8 interfaces/subnets.

But what if we need to manage more subnets? What's a best practice/solution for this case?

This thread was automatically locked due to age.

Parents

0 BillProut over 8 years ago

Hi Nikolay,

The UTM in AWS doesn't actually require an interface per subnet and so there really is no limit. That's because of the AWS VPC default routing, which ensures that all subnets in a VPC can get to any other. So your UTM will function fine with a single Interface, and then you can configure as many subnets for client/server traffic as you need and the UTM should be able to route traffic to/from them. All you'll need to do on the UTM is ensure that you create definitions that include either those subnets or the entire VPC. If you do want to create multiple interfaces the limit is based on the underlying EC2 Instance size and what it allows. Note though that if you do this you may run into problems later if you decide you want to migrate to a UTM High Availability pair or a UTM Auto Scaling cluster. That's because the CloudFormation templates we provide only support a single Interface at this time. Hope this helps but please let us know if not.

Bill
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BillProut over 8 years ago

Hi Nikolay,

The UTM in AWS doesn't actually require an interface per subnet and so there really is no limit. That's because of the AWS VPC default routing, which ensures that all subnets in a VPC can get to any other. So your UTM will function fine with a single Interface, and then you can configure as many subnets for client/server traffic as you need and the UTM should be able to route traffic to/from them. All you'll need to do on the UTM is ensure that you create definitions that include either those subnets or the entire VPC. If you do want to create multiple interfaces the limit is based on the underlying EC2 Instance size and what it allows. Note though that if you do this you may run into problems later if you decide you want to migrate to a UTM High Availability pair or a UTM Auto Scaling cluster. That's because the CloudFormation templates we provide only support a single Interface at this time. Hope this helps but please let us know if not.

Bill
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data