
Sophos UTM Webfilter

Hello,

I currently have a configuration in which all my Internet traffic is routed through a VPN router in the DMZ. I have the following configuration:

Interfaces

LAN (Internal Network): 192.168.0.0 /24
DMZ (VPN Service): 10.0.0.0 /8
WAN: 84.x.x.x

Static Routing - Policy Route

Gateway Route
Internal
Internal (Network)
Any
Internet IPv4
GW: VPN Router DMZ

Network Protection - Firewall - Rules

DMZ (VPN Network) -> DNS, FTP, HTTPS, NTP, SSH -> Internet IPv4

NAT - Masquerading:

Internal (Network) -> External (WAN)
Internal (Network) -> DMZ VPN
DMZ VPN -> External (WAN)

Web Protection - Filtering Options - Misc - Transparent Mode Skiplist

Skip Transparent Mode Source Hosts / Nets
Internal (Network)

Marked - Allow HTTP/S traffic for listed hosts/nets

With this configuration, all traffic from the Internal LAN is routed through the VPN Service; this works.

When I deactivate the Policy Route, all Internet traffic is routed over the normal WAN connection, not over the VPN Service.

When I disable the Internal Network under Misc - Skip Transparent Mode Source Hosts / Nets, I can connect to the Internet, but with my normal WAN connection, not over the VPN Service.

What am I doing wrong? What setting do I have to adapt to go over the VPN Service without skipping the Internal Network in the Web Protection settings? What am I missing?

Thanks



  • Try checking the box for "Full Transparent Proxy" on the Filter Profile.

    By default, UTM replaces the source IP with its own exit address. By the time the exit address is chosen, your route statement does not apply. In Full Transparent mode, the source IP is left unchanged, which will hopefully allow your intended behavior.

    If you intend to put web traffic through another web filter at the other end of the VPN tunnel, configuring a parent proxy might be preferable. If you don't intend to do another layer of web filtering, then there is really no benefit from routing the outbound traffic through the VPN tunnel.

  • Hi Douglas,

    Thanks for the reply. I can just choose Standard / Transparent Mode. The field Full Transparent Mode is greyed out, so I can't mark it. I don't know why it is greyed out?

    Thx

    Sally
