
How to allow an internal device with a static IP unfiltered access to the internet?

Hi.  I'm at a location that used to have a competitor's content filtering appliance.  In that old device, we had a couple of internal devices whose static IPs were put into an exception list and those devices were then completely unfiltered on the outbound traffic, yet behind the firewall for inbound stuff, complete with port forwarding configurations as required.  This was particularly handy for a couple of other appliances inside the network (e.g. NAS for security cameras, Weatherbug station).


Could someone please help me to accomplish the same thing in the UTM 9.3? 


Thank you!



This thread was automatically locked due to age.
  • On the assumption that you're using Web Filtering in transparent mode, since you don't say, add the hosts to the Transparent Proxy Skiplist.

    Make certain that you have firewall rules in place to allow the traffic and that you have a MASQ rule.

    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • Hi, Brian, and welcome to the UTM Community!
    Assuming that the Proxy is in "Transparent" mode, go to the 'Misc' tab in 'Filter Options' and add a Network Group with a Host definition for each IP to the 'Transparent mode skiplist' Source box. Check the box to allow the traffic and click [Apply].
    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi. Thank you, both, for your replies. I just got back to this client's site.

    Yes, it is in transparent mode. I did actually intuitively add the static IP to the Transparent Proxy Skiplist. The NAS I was configuring stopped mid-way through an O/S upgrade due to the filtering. I added the device to the skiplist and it never recovered, so I thought there must be some other setting somewhere that I was missing.

    After posting my question, I prodded along. I factory-defaulted the NAS and it was able to fully upgrade the O/S after I added it to the Skiplist. So that is good. I will have to check the firewall and MASQ details that Mr. Klassen also suggested. Thank you all!

    Brian
  • Thank you. I guess since you replied first, I should give you the "Mark as Solution".