
Setup UTM with what Draytek would have called a Routed Subnet

I currently have a small block of IP addresses from Zen, 8 IPs (5 usable ones), and I use the Routed Subnet option on the DrayTek router, which works great: I just assign a real IP to my Linux VM and it gets traffic routed to it as expected.

I want to swap my DrayTek for a Sophos UTM (Home Edition). It's running on a board with 2 Ethernet ports, so one to go into the Openreach modem (PPPoE) and one for the LAN and into the LAN switch.

Can I set Sophos UTM up in a similar manner to the DrayTek router, with a routed subnet on the LAN side, or possibly over a tagged VLAN on the LAN side, as the servers are VMs and can be tagged in Hyper-V no issue?

Is this what is called ProxyARP, after having read around a bit on the subject?



This thread was automatically locked due to age.
  • Hi, Gordon, and welcome to the UTM Community!

    If some of these public IPs are for web servers, you might want to consider giving them private IPs and using Webserver Protection.  Also, you might consider adding a third NIC so that you can have your public IPs in a DMZ.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks, I would prefer to put them in a DMZ, but the unit only has 2 Intel NICs in it. It's a small unit like a NUC but with 2 NICs... so I can't add a physical DMZ, but VLAN is an option...

    I have 5 public IPs, using 3, that I would like to bring in to the DMZ, but I just need some step-by-step guidance on how I do it.

    I read about turning ProxyARP on both interfaces somewhere, but I don't see that as an option on the WAN PPPoE NIC, then add the additional IPs to the WAN interface and make a firewall rule to allow traffic to flow, but I tried that this afternoon (could only turn ProxyARP on the LAN NIC though) and didn't seem to be able to get it to work.

  • You don't want Proxy ARP, Gordon.  If you have a VLAN-capable switch, a DMZ would be a good idea.  To the extent that any of these servers are web servers, I would use Webserver Protection instead of NAT.  I would not bother with a DMZ with public IPs, just put them on the External Interface as Additional Addresses.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA