This discussion has been locked.

RED setup

Hi there,

I use Sophos UTM and I would like to deploy a box to all my customers and be able to manage that box over HTTPS and SSH, but the device will also be connected to the customer switch to get an IP via DHCP. So I was thinking that RED in transparent/split mode would be the best solution.

My internal network is 192.168.0.1/24

Customer 1 network is 192.168.20.1/24

Customer 2 network is 172.16.0.0/12

etc..

What would be the best way to configure RED devices? Will the solution below work?

RED customer 1:

Uplink Mode: Static

IP Address: 192.168.20.100

Netmask: /24

Default gateway: 192.168.20.1

DNS Server: 192.168.20.1

Split Networks: 192.168.0.1/24

I would like to isolate customers as much as possible, so would the better option be to set up another subnet on the UTM, 192.168.0.2/24, and set it as Split Networks so that only certain machines from that subnet can connect to customers?



  • Yes, use another subnet. You may want to familiarize yourself with www.sophos.com/.../116573.aspx
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.
  • "My internal network is 192.168.0.1/24

    customer 1 network is 192.168.20.1/24

    customer 2 network is 172.16.0.0/12"

    "Danger, Will Robinson!" - No business should use subnets in the 192.168.0.0/16 space - that should be reserved for homes, hotels, coffee shops and other public hotspots. All but the largest businesses should use subnets in 172.16.0.0/12, but they should never use the entire space.

    The situation you describe can cause problems when VPNs are added. If your customers have used technicians with so little experience to design their networks, you may need to change your network to a subnet in 10.0.0.0/8 to avoid conflicts as many small businesses use 192.168.0.0/24.

    Even then, if two customers use the same subnetting, you will have a problem with routing. It's possible to overcome that, but you will need an SG 105 with Network Protection at the second customer site instead of a RED.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
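
The address conflicts raised in the reply above can be checked before any RED is provisioned. This is an added example, not part of the original thread: it tests the management subnet against each customer LAN and picks a non-overlapping /24 from 10.0.0.0/8. The entries customer3 to customer5 and all function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Subnets from the thread plus constructed entries (marked) to show the failure cases.
MANAGEMENT = "192.168.0.1/24"
CUSTOMERS = {
    "customer1": "192.168.20.1/24",
    "customer2": "172.16.0.0/12",
    "customer3": "192.168.0.0/24",   # constructed: same range as the management LAN
    "customer4": "192.168.20.0/24",  # constructed: same range as customer1
    "customer5": "10.0.0.0/16",      # constructed: occupies the start of 10.0.0.0/8
}


def parse(cidr):
    # strict=False accepts host-style notation such as 192.168.0.1/24
    # and normalizes it to the containing network (192.168.0.0/24).
    return ipaddress.ip_network(cidr, strict=False)


def find_conflicts(management, customers):
    """Return every pair of sites whose address ranges overlap."""
    nets = {"management": parse(management)}
    nets.update({name: parse(cidr) for name, cidr in customers.items()})
    return [
        (a, b)
        for a, b in combinations(nets, 2)
        if nets[a].overlaps(nets[b])
    ]


def pick_management_subnet(customers, pool="10.0.0.0/8", prefix=24):
    """Return the first subnet of the pool that overlaps no customer LAN."""
    used = [parse(cidr) for cidr in customers.values()]
    for candidate in parse(pool).subnets(new_prefix=prefix):
        if not any(candidate.overlaps(u) for u in used):
            return candidate
    return None


if __name__ == "__main__":
    for a, b in find_conflicts(MANAGEMENT, CUSTOMERS):
        print(f"overlap: {a} <-> {b}")
    print("suggested management subnet:", pick_management_subnet(CUSTOMERS))
```

A management/customer overlap is resolved by renumbering the management side; a customer/customer overlap is the routing case the reply says a RED alone will not handle.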