@NicholasHayman
Hi Nicholas,
Check the following settings and post screenshots for the same.
Configure the Internal Network host in Allowed Network for DNS global settings.
Add Internal Network in the Allowed Network for Web Protection global settings.
If the websites are getting blocked, do a policy helpdesk test and verify which Filter Action blocks the request. Allow the website from the same.
Thanks
Sachin Gurung
Team Lead | Sophos Technical Support
Hi,
I tried what you said but everything you said seems to be set okay. The only thing I can think of is the External (Wan) down interface isn't showing any activity, perhaps I have that configured wrong? I have BT Openreach Fibre to the Cabinet in the UK. Also how will the incoming network traffic know to pass through the UTM, how do UTMs work exactly?
Thanks for your help
Nicholas
Are your clients pointing to the UTM as their default gateway?
Do you have a masquerading rule configured?
Is your WAN connection down? In that case you should at least first make sure to have WAN access. You should configure the external interface as is needed by your provider.
Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
Hi,
I didn't really understand that because I'm completely new to networking but thanks for the reply. I think the issue is with my WAN uplink but I'm not sure what settings I should enter for my WAN uplink? I don't even know what a WAN uplink is. I have BT Infinity (Fibre to the Cabinet) broadband connection, can you help with the settings? I've also posted the issue on BT's community.
Nicholas
What most likely could work is to set up your external interface as a DHCP-enabled interface so it will get an IP address from the broadband connection. You can then plug the UTM's External interface into the broadband modem and most likely it will get an IP address.
If it already has one, then please send us a screenshot of your interfaces screen from the UTM Webadmin.
You probably will think I'm really stupid but I'm not sure how to do that.
This is my interfaces screen
That is the screenshot I requested. It only shows an Internal interface and not an external interface.
Does your UTM machine have at least 2 network interface cards?
It has Wi-Fi and Ethernet if that's any help
I'm afraid in that case you are missing 1 NIC. For the UTM you need to have at least 2 physical NICs: 1 for internal and 1 for external.
The wifi is unusable for this.
Why would Wi-Fi not work? It's reliable Wi-Fi. Do you mean it needs two Ethernet ports? Are there many computers that have 2 Ethernet ports?
The UTM is a specialized firewall that really needs at least 2 network cards. The wifi in most hardware setups is not supported at all in Sophos UTM. A very few of them could be supported as an access point, but still not as a connection to another wifi network, it's not functioning as a normal wifi card in your everyday computer.
Is that the case even in a VM?
No, in a VM you can create the UTM but then you can also create 2 NICs using the virtualization software. You can then see both NICs during setup and set up 1 as the internal interface and the other as your external interface.
So in that case I do have 2 NICs? I did see them both during setup but I left the external WAN interface because I didn't know how to configure it.
I think in the interfaces screen that you showed us, you can in that case add another interface. Call it External (or WAN or whatever) and select the remaining NIC as the underlying hardware.
In the VM-host you need to connect this virtual NIC to your internet connection and you can configure it in the UTM just as you would with a normal router (or PC), I don't know your provider, so I don't know how to set that up exactly.
Can I set the UTM to automatically get the WAN settings from my router? I use my ISP-provided modem/router unit.
That depends on how your ISP modem/router is set up. But usually if it's also a router (where you could also connect a computer that then automatically works), you can indeed automatically have the interface set up by configuring it as a DHCP interface.
By selecting "Dynamic IP" the interface will request an IP-address from your modem. Also make sure IPv4 Default GW is selected so your UTM knows where to send internet requests.
Hi,
Thanks for the guide although it doesn't seem to pick up an IP address from my router which is weird because apart from that DHCP on my network works fine. On my UTM IPv6 Default GW isn't an option but does that matter as IPv6 is not used much at the moment? Is there anyone here in the forums who uses Sophos UTM Home with a BT Infinity internet connection?
Also just checking clients that should have content controlled by the UTM don't have to be plugged in through the UTM do they? As long as the clients are connected with the same LAN with the same subnet etc it should be fine? As I say this is the first time ever that I've tried to implement an advanced network security system.
Nicholas
Clients don't have to be physically connected to the UTM. Being in the same subnet will suffice. They do however need the UTM as their default gateway so traffic to the internet travels through the UTM.
I'm afraid I cannot help you further with your Infinity connection. IPv6 doesn't have to be turned on if not used.
Guys, I've read through this and I think, Nicholas, you might want to do a factory reset of your UTM VM and start over, but it's really not clear what you're working with...
Cheers - Bob