
Sophos UTM as Backend Firewall Design

Hello,

I have used Sophos UTM Home for years now, and I'm really happy with it :) But as the Sophos UTM is still missing the OpenVPN client possibility, and DNSCrypt/DoH is also not possible, I was thinking of adding another firewall as front-end firewall to configure the services there, but I also want to keep the Sophos UTM in the backend.

This is my actual Sophos UTM Config:

I'm not sure yet what would be the best approach.

Any ideas?

Thx

Best regards

Sally

  • place a second firewall between Sophos and internet.

    You need an additional transfer-network and some routes.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

Thanks Dirk for the reply. Do I need to configure an own interface for the transfer network, or can I use the eth1 WAN interface and reconfigure this interface as transfer network, to connect from this to the front-end firewall?

As I also use the HTTP proxy on my Sophos, and DHCP for the clients, I was wondering: if I also have a proxy running on the front-end firewall, do I just set it as upstream proxy on the UTM?

Regarding DNS: if the front-end firewall is the DNSCrypt proxy, do I just have to add its IP as forwarder on the UTM?

    Thx

1. Yes, use the current WAN interface.

2. You may cascade proxies ... but why?

We use the first firewall as a simple packet filter and sometimes to terminate VPN. Application layer (proxy) at the second (inner) firewall.

DNS: Sophos may use the first FW as DNS server (proxy) ... if DNSSEC is more stable than using Sophos


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
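As an added example, not from the thread and not Sophos code, a small Python helper that works out the addressing and routes Dirk describes: the UTM's existing WAN interface is re-addressed into a transfer network, the front-end firewall needs routes to the LANs behind the UTM, the UTM needs its default route (and, if wanted, its DNS forwarder) pointed at the front-end firewall. All addresses in it are constructed placeholders.

```python
from ipaddress import ip_interface, ip_network


def plan_cascade(transfer_front, transfer_utm, lan_nets):
    """Derive the routes for a front-end firewall / Sophos UTM cascade.

    transfer_front: front firewall's address on the transfer network, e.g. '10.255.0.1/30'
    transfer_utm:   the UTM's WAN (eth1) interface re-addressed into the same transfer network
    lan_nets:       networks behind the UTM that the front firewall must reach
    Returns a dict with the static routes each device needs as (destination, next hop) pairs.
    """
    front = ip_interface(transfer_front)
    utm = ip_interface(transfer_utm)
    lans = [ip_network(n) for n in lan_nets]

    # Both ends must share one transfer network and use real host addresses of it.
    if front.network != utm.network:
        raise ValueError(f"transfer addresses are in different networks: "
                         f"{front.network} vs {utm.network}")
    if front.ip == utm.ip:
        raise ValueError("front firewall and UTM cannot share a transfer address")
    hosts = set(front.network.hosts())
    if front.ip not in hosts or utm.ip not in hosts:
        raise ValueError("network or broadcast address used on the transfer link")

    # The transfer network must not collide with anything routed behind the UTM,
    # otherwise the front firewall's LAN routes would shadow its connected link.
    for lan in lans:
        if lan.overlaps(front.network):
            raise ValueError(f"transfer network {front.network} overlaps LAN {lan}")

    return {
        # Front firewall: every inner LAN is reached via the UTM's transfer address.
        "front_firewall": [(str(lan), str(utm.ip)) for lan in lans],
        # UTM: default route via the front firewall's transfer address.
        "utm": [("0.0.0.0/0", str(front.ip))],
        # If the UTM should use the front firewall as DNS forwarder, this is the IP.
        "utm_dns_forwarder": str(front.ip),
    }


if __name__ == "__main__":
    # Constructed sample topology: /30 transfer link, two LANs behind the UTM.
    plan = plan_cascade("10.255.0.1/30", "10.255.0.2/30",
                        ["192.168.10.0/24", "192.168.20.0/24"])
    for device, routes in plan.items():
        print(device, routes)
```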

  • Hello Sally,

Why do you state this:

    "But as the Sophos UTM is still missing the Open VPN Client possibility,"

Of course you can use OpenVPN from and with the UTM; what exactly do you mean, then?

Sophos UTM SSL Remote Access or SSL Site-2-Site is in fact using OpenVPN...

With kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Hello Sally,

That conversation is 5 years old. I would think that building an SSL site-to-site tunnel always has one side as a server and the other side as a client. Since this is using OpenVPN, I don't really get you.

With kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Hello Philipp,

Thanks for the reply. If the Sophos UTM could act as an OpenVPN client, I would not need an additional VPN router to build the VPN connection.

    Thx

    Sally