
UTM and additional network

Hi

I have an MPLS WAN network with 15 offices and a central internet connection at head office; all 14 other sites route into head office for their internet. We have two Sophos UTMs in HA.

We use SIP trunking via our telecoms provider but recently we installed (at their recommendation) a small EFM broadband connection designed for our SIP traffic only. This is independent of our MPLS network.

This service has a Draytek Vigor 2860 for firewall/router but is connected directly to our LAN so the telephone system can reach it to send/receive SIP traffic.

I told the service provider that I felt it was pointless having two Sophos UTMs if we simply patch the Vigor onto our LAN. They told me that the Vigor is a gen2 firewall with only their office IP having access and every port closed other than those for SIP.

I said that we should use an in/out on the Sophos UTM so the Vigor connects via the UTM and then onto the LAN via the UTM.

What should we do?

Any help appreciated!



This thread was automatically locked due to age.
  • Hi Liam and welcome to the UTM Community!

    This is a difficult question.  Clearly, the VoIP provider is nervous about using anything other than the box they understand.  If they can provide proof that their VoIP equipment is secure and cannot be hacked, you're probably OK.

    I agree with you that it seems simple enough to let the UTM control this traffic.  I bet it's more complicated than just SIP, but that the sales staff and technicians don't know how the Draytek is configured.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Liam,

    I would agree with BAlfson.

    Although the 2860s are good, they are not as good as the UTM. Also note that the 2860 has been superseded by the 2862 as of earlier last year (it is still supported though! I would hope that if your contract for this is within the last 12 months you would have got a 2862, which is a much more robust router).

    I would always use the UTM to manage all internet connections.

    If you understand your network and do not want another point of access to your network, that is hopefully properly managed by the VoIP provider (usually not though), I would always manage the connection myself through the UTM.

    XG & UTM Architect (Systems: XG v18 & UTM 9.7 - Virtual, HW & SW)
    Curious enough to take it apart, skilled enough to put it back together, Clever enough to hide the extra parts when I'm Done!