We have one Sophos instance which works great. It's configured to communicate with 2 different subnets (LAN and DMZ), but we are now adding a second LAN and a second DMZ in a different AWS Availability Zone.
Is it possible to add a route to these two networks without launching a Sophos on the new Availability Zone as well?
The traffic "inside" AWS works great already; it's just traffic from WAN and VPN that needs to know how to route to these new subnets.
Any tips or tricks are greatly appreciated.
Thank you for contacting the Sophos Community!
If it is another AZ within the same VPC then it should be possible, as all the routing is done on the AWS side.
You would just need to add firewall rules on the UTM and configure the AWS routing table for the traffic!
Hi and thanks for your answer!
Managed to get it up and running by doing the following:
1. Log on to Sophos and add network definitions for LAN2 and DMZ2.
2. Add the networks in the Remote Access group so they are reachable from Client VPN.
3. Add firewall rules (bi-directional) for DMZ2, LAN2 <> Sophos.
4. Add NAT rules (bi-directional) VPN Sysadmin Pool <> DMZ2, LAN2, and add the networks to the Masquerade rules.
5. The subnet was also not a member of the correct routing tables in AWS.
6. Add PTR and reverse lookup zones in Active Directory for the new zones.
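Step 5 above is the one that is easy to miss: a new subnet that is not explicitly associated with a route table silently falls back to the VPC's main table, which usually has no route sending VPN return traffic to the UTM. The following is an added example (not code from the thread or from Sophos) that checks this from the output of `aws ec2 describe-route-tables`: it resolves which route table each subnet actually uses, does a longest-prefix match for the VPN pool CIDR the way the VPC router does, and reports whether that route points at the UTM's network interface. The route-table JSON, subnet IDs, CIDRs and the ENI ID are constructed placeholders; the function names are the example's own.

```python
import json
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# All IDs and CIDRs are made-up placeholders: subnet-dmz2 is deliberately left
# without an explicit association, so it falls back to the main table.
SAMPLE_ROUTE_TABLES = json.loads("""
{
  "RouteTables": [
    {
      "RouteTableId": "rtb-main0000",
      "Associations": [{"Main": true}],
      "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
      ]
    },
    {
      "RouteTableId": "rtb-viautm00",
      "Associations": [
        {"Main": false, "SubnetId": "subnet-lan1"},
        {"Main": false, "SubnetId": "subnet-dmz1"},
        {"Main": false, "SubnetId": "subnet-lan2"}
      ],
      "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "10.242.2.0/24", "NetworkInterfaceId": "eni-utm00000", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NetworkInterfaceId": "eni-utm00000", "State": "active"}
      ]
    }
  ]
}
""")


def route_table_for_subnet(route_tables, subnet_id):
    """Return the route table AWS applies to subnet_id.

    An explicit subnet association wins; otherwise the VPC's main table is used.
    """
    main = None
    for rt in route_tables["RouteTables"]:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def most_specific_route(rt, destination):
    """Longest-prefix match for destination, ignoring blackholed routes."""
    dest = ipaddress.ip_network(destination)
    best = None
    for route in rt.get("Routes", []):
        cidr = route.get("DestinationCidrBlock")
        if not cidr or route.get("State") != "active":
            continue
        net = ipaddress.ip_network(cidr)
        if dest.subnet_of(net) and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route)
    return best[1] if best else None


def check_return_path(route_tables, subnet_ids, vpn_pool_cidr, utm_eni):
    """For each subnet, report (route table id, True if traffic back to the
    VPN pool is routed to the UTM's network interface)."""
    results = {}
    for subnet_id in subnet_ids:
        rt = route_table_for_subnet(route_tables, subnet_id)
        route = most_specific_route(rt, vpn_pool_cidr) if rt else None
        ok = bool(route) and route.get("NetworkInterfaceId") == utm_eni
        results[subnet_id] = (rt["RouteTableId"] if rt else None, ok)
    return results


if __name__ == "__main__":
    # Assumed values: the VPN Sysadmin Pool CIDR and the UTM's ENI are placeholders.
    report = check_return_path(SAMPLE_ROUTE_TABLES, ["subnet-lan2", "subnet-dmz2"],
                               "10.242.2.0/24", "eni-utm00000")
    for subnet, (rtb, ok) in report.items():
        print(f"{subnet}: route table {rtb}, VPN return path via UTM: {ok}")
```

Against real output, feed the JSON from `aws ec2 describe-route-tables --filters Name=vpc-id,Values=<vpc>` into `check_return_path` with your own subnet IDs, VPN pool CIDR and the UTM's ENI; a subnet reported with the main table and `False` is exactly the situation described in step 5. Checking the longest-prefix match rather than just "does a route exist" also catches the case where a more specific route later overrides the one pointing at the UTM.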