Sophos access to different Availability Zones in AWS

Hi,

We have one Sophos instance which works great. It's configured to communicate with 2 different subnets (LAN and DMZ), but we are now adding a second LAN and a second DMZ in a different AWS Availability Zone.

Is it possible to add a route to these two networks without launching a Sophos on the new Availability Zone as well?

The traffic "inside" AWS works great already; it's just traffic from WAN and VPN that needs to know how to route to these new subnets.

Any tips or tricks are greatly appreciated.

  • Hello Jonathan,

    Thank you for contacting the Sophos Community!

    If it is in another AZ within the same VPC, then it should be possible, as all the routing is done on the AWS side.

    You would just need to add firewall rules on the UTM and configure the AWS routing table for the traffic!

    Regards,

    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
  • Hi and thanks for your answer!

    Managed to get it up and running by doing the following:

    1. Log on to Sophos and add network definitions for LAN2 and DMZ2
    2. Add the networks to the Remote Access group so they're reachable from the client VPN.
    3. Add firewall rules (bi-directional) for DMZ2, LAN2 <> Sophos
    4. Add NAT rules (bi-directional) VPN Sysadmin Pool <> DMZ2, LAN2, and add the networks to the Masquerade rules
    5. The subnet was also not a member of the correct routing tables in AWS
    6. Add PTR and Reverse Look Up zones in Active Directory for the new zones

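Step 5 above (and Emmanuel's point that routing happens on the AWS side) is where a second-AZ subnet usually breaks: unless the new subnet is associated with a route table that sends the VPN pool and default route back to the UTM's ENI, it silently falls back to the VPC main table and return traffic is dropped. The following added check (not from this thread or from Sophos) models EC2 DescribeRouteTables output as plain dicts so it runs offline; the ENI ID, subnet IDs, CIDRs and VPN pool are constructed placeholders.

```python
import ipaddress

# Constructed sample data: the UTM's internal ENI, the assumed remote-access
# pool, and two route tables (VPC main table plus the AZ-a table that already
# steers LAN1/DMZ1 through the UTM). subnet-lan2 has no explicit association.
UTM_ENI = "eni-0utm0000000000001"
VPN_POOL = "10.242.2.0/24"
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-az-a",
     "Associations": [{"SubnetId": "subnet-lan1"}, {"SubnetId": "subnet-dmz1"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NetworkInterfaceId": UTM_ENI},
                {"DestinationCidrBlock": VPN_POOL, "NetworkInterfaceId": UTM_ENI}]},
]

def route_table_for(subnet_id, tables):
    """Table explicitly associated with subnet_id, else the VPC main table (AWS default)."""
    main = None
    for t in tables:
        for a in t["Associations"]:
            if a.get("SubnetId") == subnet_id:
                return t
            if a.get("Main"):
                main = t
    return main

def next_hop(table, dest):
    """Longest-prefix match of dest against the table's routes; returns the target id."""
    addr = ipaddress.ip_address(dest)
    best = None
    for r in table["Routes"]:
        net = ipaddress.ip_network(r["DestinationCidrBlock"])
        if addr in net and (best is None or net.prefixlen > best[0]):
            target = r.get("NetworkInterfaceId") or r.get("InstanceId") or r.get("GatewayId")
            best = (net.prefixlen, target)
    return best[1] if best else None

def check_subnet(subnet_id, tables=ROUTE_TABLES):
    """Return (route table id, list of missing return paths) for one subnet."""
    table = route_table_for(subnet_id, tables)
    if table is None:
        return None, ["no route table found"]
    vpn_client = str(ipaddress.ip_network(VPN_POOL)[10])  # any host in the pool
    problems = []
    if next_hop(table, vpn_client) != UTM_ENI:
        problems.append("VPN pool route does not point at the UTM ENI")
    if next_hop(table, "203.0.113.10") != UTM_ENI:       # documentation-range WAN host
        problems.append("default route does not point at the UTM ENI")
    return table["RouteTableId"], problems
```

Feeding real `describe_route_tables()` output into `check_subnet` for each new subnet tells you before any firewall or NAT rule is touched whether the AWS side of the return path exists.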