How do I get webadmin to see the 2nd network instance defined in AWS for my Sophos EC2 master instance?

It's only seeing eth0 and won't allow me to add the 2nd interface, which is defined in AWS with a private IP. I want to use this second interface as my inside interface. Basically, the Sophos UTM console isn't seeing the other interface that I want to use as eth1. I have deployed Sophos UTM 9 within its own VPC with 2 AZs, one used for a Sophos UTM warm standby. I am now in the process of performing my network configuration. I have configured my initial subnets and routing tables in AWS. I am going to have two peering connections, one to a Linux VPC and the other to a Windows VPC. Also, 2 VPNs.

Any help will be highly appreciated,

 

Thanks,



  • Hi, Scott, and welcome to the UTM Community!

    It's been a while since I set up UTM in AWS, so I may be remembering incorrectly, but I wonder if you aren't trying to use a Micro instance that's limited to a single NIC? I haven't worked with VPCs, but have you tried just putting Additional Addresses on the Internal interface?

    Cheers - Bob
    PS I'll move this thread to the UTM on AWS forum.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    Thanks for the quick reply, and I look forward to having a lot of collaboration within the Sophos Community with you and others. I opened a case with Sophos last night and today received an email from a Sophos Infrastructure Engineer. When deploying Sophos UTM 9 HA using the CloudFormation stack, which configures two EC2 instances in separate AZs, you can only define one EIP, because if the master fails and the standby AZ takes over, within AWS only one IP can be used for this scenario. So, I am going to speak with the Sophos Team and determine the best way to configure my Sophos instances so that I can have multiple interfaces for an inside interface and VPNs.

    Regards,

    Scott Spangler

  • Hi Scott,

    Have you done this solution?

    I also have the same problem as you.

    Can you share the AWS and Sophos configuration for this?

    Thanks and Regards,

    Palakorn

  • Hi Palakorn, 

     

    I opened this case in 2017 when I was initially deploying Sophos HA-UTMs (warm-standby configuration) within 2 separate AWS VPCs. Also, in 2017 I wasn't very familiar with Sophos UTMs in AWS. I have gained a huge amount of knowledge related to Sophos UTM configurations within AWS since then. These 2 Sophos deployments have been in production since 2017 and I still support them. To start to answer your question, I am only using one eth0 network interface within the primary Sophos UTM EC2 instance. The warm standby in the same VPC running in a different AWS availability zone has only one eth0 interface as well. Additionally, within the VPC the only internet-facing static/public IP is the public IP of the eth0 network interface of the Sophos UTM. There are at least 20 Linux EC2 instances running web apps in one VPC, and the other VPC is for Windows Server EC2 instances.

     

    Please elaborate some more on your specific needs, and I am sure I can assist you.

     

    Best,

     

    Scott Spangler

    DevOps Cloud Engineer

    DevOps Global Solutions, Inc.