
Sophos access to different Availability Zones in AWS

Hi,

We have one Sophos instance which works great. It's configured to communicate with 2 different subnets (LAN and DMZ), but we are now adding a second LAN and a second DMZ in a different AWS Availability Zone.

Is it possible to add a route to these two networks without launching a Sophos on the new Availability Zone as well?

The traffic "inside" AWS works great already; it's just traffic from WAN and VPN that needs to know how to route to these new subnets.

Any tips or tricks are greatly appreciated.



Hi and thanks for your answer!

Managed to get it up and running by doing the following:

1. Log on to Sophos and add network definitions for LAN2 and DMZ2
2. Add the networks to the Remote Access group so they are reachable from Client VPN
3. Add firewall rules (bi-directional) for DMZ2, LAN2 <> Sophos
4. Add NAT rules (bi-directional) VPN Sysadmin Pool <> DMZ2, LAN2, and add the networks to the Masquerade rules
5. The subnet was also not a member of the correct routing tables in AWS
6. Add PTR and reverse lookup zones in Active Directory for the new zones
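Step 5 is the one that is easy to miss: a subnet with no explicit route-table association silently falls back to the VPC's main route table, which usually has no route back to the VPN client pool (or to the internet) via the firewall instance, so the new AZ's LAN/DMZ never answer. The audit below is an added example, not code from the thread or from Sophos; every subnet, route-table and ENI id and every CIDR in it is a constructed placeholder, and the route data stands in for what `describe-route-tables` would return.

```python
"""Audit which subnets lack a return route via the firewall (added example).

All ids and CIDRs are constructed placeholders, not values from the thread.
"""
from dataclasses import dataclass, field


@dataclass
class RouteTable:
    rtb_id: str
    main: bool
    routes: dict                               # destination CIDR -> target id or "local"
    subnets: list = field(default_factory=list)  # explicitly associated subnet ids


def effective_table(subnet_id, tables):
    """A subnet uses its explicitly associated table, otherwise the VPC main table."""
    for t in tables:
        if subnet_id in t.subnets:
            return t
    return next(t for t in tables if t.main)


def missing_firewall_routes(subnets, tables, destinations, firewall_targets):
    """Map each offending subnet to the (destination, actual target) pairs whose
    route does not point at the firewall instance/ENI. Empty dict means all good."""
    findings = {}
    for s in subnets:
        t = effective_table(s, tables)
        bad = [(d, t.routes.get(d)) for d in destinations
               if t.routes.get(d) not in firewall_targets]
        if bad:
            findings[s] = bad
    return findings


# Constructed sample: the AZ1 subnets are associated with a table that sends the
# VPN pool and default route to the firewall ENI (source/dest check disabled on it);
# the new AZ2 subnets have no association and inherit the main table.
TABLES = [
    RouteTable("rtb-main", True, {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-placeholder"}),
    RouteTable("rtb-az1", False,
               {"10.0.0.0/16": "local", "0.0.0.0/0": "eni-firewall",
                "10.200.0.0/24": "eni-firewall"},
               ["subnet-lan1", "subnet-dmz1"]),
]
SUBNETS = ["subnet-lan1", "subnet-dmz1", "subnet-lan2", "subnet-dmz2"]
REQUIRED = ["10.200.0.0/24", "0.0.0.0/0"]   # VPN client pool, then WAN default


def audit():
    return missing_firewall_routes(SUBNETS, TABLES, REQUIRED, {"eni-firewall"})


if __name__ == "__main__":
    for subnet, problems in audit().items():
        print(subnet, "->", ", ".join(f"{d} via {t!r}" for d, t in problems))
```

The fix the reply describes corresponds to associating subnet-lan2 and subnet-dmz2 with a table like rtb-az1 (or one per AZ pointing at the same firewall ENI) and re-running the audit until it returns an empty dict.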