I have an existing setup with Sonicwall where I have a port on the Sonicwall designated as a DMZ zone with an IP address range for the additional IPs we were assigned from our ISP. This is connected to a switch which has all of our externally accessible servers connected to it. Each server has a WAN IP assigned to it, and the Sonicwall firewall rules are opened to allow only traffic on the services each server needs to each server's IP. This is allowing these servers to be protected even in the DMZ.
What is the recommended method to doing this on the Sophos UTM? I am currently playing with a trial in a VM which is connected to the WAN, LAN, and DMZ networks. I was thinking of creating a bridge between the WAN network and a 3rd NIC on the UTM, but wasn't sure if that was protecting my servers. I've also read on the forums that DNAT/SNAT could be used if I did this with the LAN connections on the servers using internal IPs and additional addresses on the WAN interface (I'm not sure if I would have issues with Web Server Protection and any of these web servers). I also saw some comments on getting the ISP to set up a transfer network for me. (I'm unfamiliar with this, so not sure how that would work.)
If possible I'd like to eventually migrate from the Sonicwall to the Sophos with minimal hassle, but I understand it may not be as easy as I think. What's the best recommendation to keep my servers protected and still have them accessible externally.
The servers on the DMZ are Exchange 2007 (SMTP, HTTPS), 3CX PBX (SIP, HTTP), FileZilla FTP (FTP), and a Linux Apache web server (HTTP, HTTPS).
Thank you in advance for anyone's help.
Michael
This thread was automatically locked due to age.
