
How to Propagate Windows File Shares to RED Network

I have a very basic RED setup. The UTM is at the company office, which also has a Windows 2016 domain controller and file server. There will be a small branch office with a RED 10 or RED 15. I am testing with a RED 10. Everything works as expected, except that I cannot see the Windows file shares on computers in the RED network, when I go to Windows Explorer and click the network "tab" on the left side.

The office network is 10.28.35.x /24 and the RED network is 10.128.135.x /24. I can ping, use remote desktop, and get to the internet from both the office and branch locations. I can enter the IP address of the Windows 2016 server to see the file shares from the branch office RED, but it would be nicer if the file shares would appear on the branch office computers without prompting.

I configured DHCP on the UTM for the RED network to include the office server (10.28.35.50) as DNS and WINS server, and also enabled h-node type in advanced for UTM's DHCP server for the RED network. So far, nothing has worked.

All I want is for the File Shares to appear in "Network" in File Explorer for computers on the RED branch office network. 

The real goal is for the branch office network to seem like it is part of the office network through the RED connection. 

Any suggestions? 



This thread was automatically locked due to age.
  • Probably the easiest solution would be to bridge reds0 to your LAN.  Otherwise you have an issue of passing broadcasts between networks and the lack of a WINS server in the remote site.

    Any luck with that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you for the suggestion. It is just what I need.

    Will you give me hints about how to set up that bridge?

    If I set up a bridge, does it pass all packets from the RED side to the UTM side, or does the firewall still inspect and block packets accordingly?

  • You're right - you will need a firewall rule like 'Internal (Network) -> Any -> Internal (Network) : Allow'.

    To make a bridge, you first must make the reds0 virtual NIC available by deleting the current interface associated with it.  Then, just change the Internal interface to type Ethernet bridge and select reds0.

    Does that work for you?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Sorry, no. I backed up my UTM configuration, and then deleted the RED interface, which deleted the DHCP, the DNS, the firewall settings, etc.

    The problem is when I try to create a new Ethernet Bridge in Interfaces, it offers the reds1 interface (good!), but it does not offer the active "Office" network interface. It offers physical ethernet ports that are not in use, but not the office network that should be bridged to the RED so that the systems behind the RED get Office DHCP IP addresses and see the office network.

    Any further hints, please?

  • In the Internal interface definition, change the Type to Ethernet Bridge and then select reds1:

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks again. I will try it this weekend when the employees are away. I'll let you know.

  • The hint was just what I needed. Thank you so much!

    I connected a domain-joined computer to the RED, which is behind a typical router on a separate connection to the internet, but it tunnels back and seems to be in the office network. I added an AP behind the RED and it works as well. I created a guest WiFi (172...) and a separate employee WiFi, and all appears to be working as expected. I will be testing all week before sending the RED and AP far away, out of the country.