
Sophos UTM 9 | Single Nic | Single Arm | Proxy

I'm a new user and I'm trying to create a one nic proxy like this:

(This is just for web filtering dodgy sites including HTTPS / turn on search engine safe searches etc.)

[Wifi Home Router/Modem]         /\/\/\/\/\/\           [Raspberry Pi 3]  ---------- [Single Nic PC (Sophos UTM 9)]

The Rpi3 is directly connected with a cable to the Single Nic PC - it's used because I can't insert a USB wifi nic into Sophos UTM 9 as it's fussy :(

Therefore, with my limited networking knowledge, the traffic flow would be:

Wifi Client PC Request > Wifi Router > Rpi3 > Sophos > Rpi3 > Wifi Router > Internet

The Wifi Client PCs would have their browser set to the IP of the Rpi3 as a proxy along with the certificate of Sophos UTM for SSL scanning.

My question is:

1. Has anybody previously posted a 'detailed' explanation of their 'Single Nic' Sophos UTM setup (including Sophos UTM settings) that I can follow?

Thanks in advance!



This thread was automatically locked due to age.
  • Hi, and welcome to the UTM Community!

    The short answer is no.

    What device is doing WiFi - the pi or the home router?

    Cheers - Bob
    PS Moved to the Web Protection forum.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    It's the home router that is the WiFi access point. The Rpi3 is wirelessly connecting to the home router through wlan0. The ethernet port of the Rpi3 (eth0) is directly connected to Sophos UTM with a cable.

    From reading a previous post by Kranthi Yadlapudi, it seems like it might be possible with Sophos XG - I tried to install XG but it seemed to get stuck in the installation.

    community.sophos.com/.../single-nic-for-just-web-proxy-setup

    "First of all, you can have the Sophos XG perform as a web proxy using a single NIC. If you are running Virtual/Software, yes, it needs a minimum of 2 NICs to spin the VM, but it's not mandatory that you use both NICs; you can disable the NIC from the network interfaces. Secondly, if you would like to use the XG firewall as a web proxy with just 1 NIC, just connect the NIC and bridge it with a physical adapter of the host. Let's say you are running a 192.168.1.0/24 network with 20 machines pointing their gateway to 192.168.1.1, and your XG firewall's LAN interface or Port A is connected to the network with 192.168.1.254. Create a default route on the XG firewall pointing it to 192.168.1.1 and create a firewall policy from Source Zone as LAN and Destination Zone as LAN, and you can apply the web filter policy for LAN to LAN traffic and also have all the users authenticate as well at the same time using the Sophos Auth Client or the Sophos Captive Portal. This is a Single Arm mode operation of Sophos XG firewalls".

    I've made a similar web filter using squid/dansguardian installed on the Rpi3 itself which I might have to fall back on.  I am just trying the Sophos route as it seems more user friendly for somebody who is used to Windows.