This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Whenever i plug my sophos utm9 into a switch the wan port link is up but its state goes down?

I am trying to create two networks from one that is filtered by the utm and one that is not any help would be great thank



This thread was automatically locked due to age.
  • Hi Robert , 

    Could you provide us additional information for the same scenario you are implementing with UTM9

    1. Version  VM/Device

    2. WAN network , Lan Network address

    3. Physical Topology of the network.

    4. Bridge/Gateway mode.

    Thanks and regards

    Aditya Patel | Network and security engineer.

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • sure thing Version is 9.407-3 patter version is 110611

    the sophos lan is on 192.168.2.100 the wan is dynamic 

    the linksys srw2008p switch is set to static ip 192.168.0.1

    and the ubiquiti access point is set to 192.168.1.2 

    I have the motorola surfboard sb6190 connected to the srw2008p switch then the switch connected to the sophos utm and then the wan out connected to the unifi access point.

    I want to be able to add a second network that bypasses the sophos utm

    im not sure if the switch has a bridge mode.

    Thank you in advance

  • Wouldn't it be easier to plug the External interface directly into the modem and bridge an unused NIC with External?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • So plug the modem into the Sophia LAN and configure another lan to connect to the switch? Do I need to use Ethernet bridge mode?

  • Hi,

    you appear to be trying to make life difficult for yourself?

    why are you putting the UTM on the inside of a protected network?

    Why not put the modem into bridge mode and have the UTM provide the internet connection. On the UTM setup a second port with all traffic allowed out so your wifi device can access the internet?

    What you are trying to do will require your modem to have two networks and vlans. Does the modem provide to IP address ranges on its internal interface, from your description it doesn't and you are trying to use the switch to do that.

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • The modem only has one lan port it's a Motorola surfboard not sure if it has that possibility my network map goes the ISP to the modem through coax I'm trying to set up 2 networks one that uses the Sophia utm and the other without so I don't have to filter multiple things

  • Good insight, Ian - I didn't read closely enough!  I doubt his ISP would let him lease two public IPs or that his switch is also a router.

    Ian's right, Robert.  Put your modem into bridge mode and configure the External interface to be dynamic Ethernet with a default gateway.  Now you will have a public IP on the External interface.

    Leave the rest of your configuration as is, but make some additions:

    1. Configure another Interface named "Wireless" for the separate network and attach the AP directly to that NIC.
    2. Make a Masquerading rule 'Wireless (Network) -> External'.
    3. Make a firewall rule ''Wireless (Network) -> Any -> Internet : Allow'.

    An alternative would be to attach the switch to the NIC and the AP and other devices to the switch, but your description made it sound like the AP was the only wired device on that subnet.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

     I know those uq thing require internet access so you can manage them, plain stupidity having to open your network so you can manage the internal device by an external website.

    I know uq want you to buy their firewall stuff, but even then you still need a licence for the AP and it still needs to call to uq hq to be managed. Very poor network security devices, all your internal traffic also managed by an external site not under your control.

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.