
Combine Sophos UTM 9.1 (Free Edition) Firewall with Mikrotik Router at the Perimeter of Private Network

Hi all:

I have implemented a Mikrotik RB2011 series router/firewall that works great with the exception that I have realized the Mikrotik firewall is very lacking compared to the UTM firewall that was on the old Fortinet router/firewall.  I'm thinking of taking a mini PC and installing UTM 9 software firewall on it.  Then using that UTM 9 software firewall computer/device between my Internet connection and my Mikrotik router/firewall which serves DHCP, performs NAS, queuing, etc. (all the stuff the Mikrotik does well).

Have any of you ever attempted such a configuration to combine UTM with a Mikrotik device before?  Should I turn the firewall in the Mikrotik completely off and just use it as the router (DHCP server, QoS, etc.) and let the Sophos UTM software firewall do its thing as the sole perimeter firewall? In summary, separate out the firewall from the router.  Which is how we do things on the big complex telecom networks.

In addition to the base needs of a firewall, which I'm sure this Sophos software firewall can do well, the reason I want to use the Sophos is to block remote access applications (Teamviewer primarily; it's a threat to my network).  Please don't say that this remote access software policing is a policy issue. For certain reasons, I can't control every computer in our work space.  But I don't want Teamviewer to work behind my firewall on my network (even on my guest network, I don't want remote access software to work).  On the old Fortinet, blocking Teamviewer and a range of applications was a 10 minute configuration task.

I can block websites OK on the Mikrotik router, but even Mikrotik themselves don't seem to have a clue how to block the Teamviewer app (it's been a question on their forum going back probably 10 years without a valid answer.  Amazing).  I've seen the most nonsense I've seen on a topic with regards to trying to get the Mikrotik firewall to successfully block the Teamviewer app. Most of the people on the Mikrotik community board have no idea about proper security. They are just interested in getting retail Internet to as many downstream clients as possible.

If someone who has some knowledge of pairing the Sophos UTM firewall with a standard router appliance at the perimeter of the network could help, it would be appreciated.  Specifically, could they guide me on how I can set up the Sophos software firewall to block Teamviewer?  Also, how would I do the NAT for my internal applications?  Just do NAT on the Sophos software firewall and turn off the NAT on the Mikrotik?

Thanks for your help and time.  Appreciated.



This thread was automatically locked due to age.
  • Hi and welcome to the UTM Community!

    Normally, someone would have responded to your post already, but this forum works best with specific questions instead of a general request for help in design and implementation.  An unwritten rule here is "One topic per thread."  That makes it easier for people to find answers here without creating a new thread for a topic that's already been addressed.

    The free license for the UTM is the "Essential Firewall" and it doesn't include the capability to stop Teamviewer, so I'll assume that you're talking about the free home-use license.  In general, to avoid double-NAT, I would suggest completely replacing the Mikrotik with the UTM.  I would use the latest version of UTM, 9.506, instead of 9.1.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for your reply. Understand your point about specific questions.  Usually those types of things (a = question to b = straightforward answer to question) I'm able to handle myself via either the documentation from the vendor or just reading the forum. I understand the forum format works best for that.  But sometimes, questions come up that have many factors. 

    Understand your point about double NAT.  Let's leave double NAT aside.  Can treat as a separate topic.  Note: I quite like the Mikrotik router/firewall and can understand why the routers/firewalls have become so popular.  The product flexibility, while having a simplicity about it, and the ability to manage and distribute traffic (the key feature) is exceptional.

    I'm a bit confused by your answer.  With regards to there being a version of the Sophos UTM that has the ability to block applications?  I guess they call it application layer filtering. 

    This is the Sophos 9.1 UTM (software UTM) product I'm seeing on the web site and trying to assess if it can do application blocking:  https://www.sophos.com/en-us/products/free-tools/sophos-utm-essential-firewall.aspx  (it says it's for business application on this page, so I'm confused if there is a home vs business version of 9.1.  It's not clear on this page at least)

    I looked into UTM 9.5.  Looks like a full comprehensive security system but has flexibility to be a software or hardware UTM (similar to Fortinet hardware security devices that I'm familiar with).  UTM 9.5 at first glance is a lot of security capability, when all I want is the ability to monitor & then if needed, block applications (both web apps and local apps) at the perimeter of the network. This UTM 9.5 App Control feature is what I'm looking for.  9.1 does not have this feature? https://vimeo.com/97575579  That's the first question for this post.

    The second question is would the App Control feature/functionality be available as a stand alone software product that I could deploy either on my own Linux hardware locally or via a Linux local VPS or cloud based Linux VPS? 

    That's the two questions for this post.  Thanks.

     

     

     

  • The newest version of 9.1 is over 3.5 years old, so I have no idea what the status of App Ctrl was then.  I don't remember when it was re-designed.

    You should download the 9.506 software version: https://www.sophos.com/de-de/support/utm-downloads.aspx

    There may be another stand-alone AppCtrl tool, but there's no way to split anything off from or add to what's included with UTM - it's a stripped-down, hardened version of Suse Enterprise 11.

    Again, if this is for business use, the free Essential Firewall license does not include Application Control.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for the information on Sophos 9.506.  Appreciated.

    I've re-used the Fortinet (Fortigate) firewall in transparent mode (behind the Mikrotik router, which sits at the perimeter of the network). I quite like that Mikrotik with Fortigate in transparent mode configuration.  It works extremely well for anything on the physical LAN ports for the Fortigate. Only issue is the Fortigate in transparent mode and the Wifi LANs on the Fortinet and obviously the wifi LANs on the Mikrotik don't get the benefit of the app control on the Fortigate.  That's very frustrating, but gets me 80% of the way.  Maybe I'm missing it (looked everywhere), but Fortigate doesn't even mention app control for the wifi radios in their documentation for the Fortigate in transparent mode. Big omission in my view (maybe someone has their own solution to handle the wifi LANs with the Fortigate in transparent mode for app control).

    I've decided it's time to get together a small form factor PC and get a second NIC and a decent size SSD and test out PfSense and Sophos software UTMs alongside the Mikrotik.  See if one of them can cover off my specific needs in terms of getting app control on all my physical LANs and Wifi LANs as the Fortigate in transparent mode is falling short.

    Thanks for all the info.  I'll come back and add some notes over the next weeks/months to this thread.