
Transparent proxy multiple downstream subnets

Community,


I tried and failed to set up a UTM 9 between two routers in fully transparent mode.  I'd like to know if this is a supported configuration.


I have an existing firewall, connected to another internal router, with the internal router having a couple of internal client and server subnets.

The web filtering in transparent mode works when the client device is in the subnet directly behind the UTM, but when I put the UTM between the two routers so it will filter traffic from all the internal subnets, it doesn't work.

I have changed settings to allow additional subnets, set the firewall to any/any, etc.

Is this a supported configuration or is anyone else doing this currently?  What settings did you modify?


In the logs, I was getting web traffic blocked due to "error=connection to server timed out" and "passthrough.fw-notify.net", which are very frequently posted in the forum, but I saw no solution that fixed the problem.


Anyone know anything about this?



  • Hi, Cory, and welcome to the UTM Community!

    This should be possible, but "between two routers" doesn't paint a very clear picture.  How about a simple diagram with representative IPs?

    See #2 in Rulz to understand why firewall rules don't affect proxied traffic.

    Cheers - Bob
    PS I've moved this to the Web Protection forum.

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • This is the network design.  As it turns out, I finally got this fully functioning by doing two things (I think):

    1. Added public DNS servers to the forwarders list instead of using internal DNS servers.

    2. Added a static route on the bridged interface for the internal subnets, pointing to the interface of the VoIP router seen in the picture.


    Much of the weirdness stopped after that.  I also had to set Proxy ARP on the bridged interface for EIGRP to start being passed correctly.
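Why the static route in step 2 matters, as an added illustration that is not part of the thread or of Sophos' own code: in transparent mode the UTM does not just bridge the client's packets through, it terminates the client's TCP connection and answers in the server's place, so its reply packets are forwarded according to the UTM's own routing table. A bridge with only a connected route and a default route sends replies for any subnet that is not directly attached toward the upstream firewall, which is the wrong side for clients behind the inside router; that is one plausible explanation for the "connection to server timed out" symptom in the first post. The script below models that lookup with longest-prefix matching. All addresses (10.0.0.0/24 bridge segment, 10.0.0.1 upstream firewall, 10.0.0.2 inside/VoIP router, 10.10.0.0/24 and 10.20.0.0/24 downstream subnets) are constructed for the example and are assumptions, not values from the thread.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed, representative addressing (an assumption for this example, not
# from the thread): br0 is the UTM's bridged interface in 10.0.0.0/24; the
# upstream firewall (default gateway) is 10.0.0.1; the inside/VoIP router is
# 10.0.0.2 and fronts the client/server subnets 10.10.0.0/24 and 10.20.0.0/24.
UPSTREAM_FW = "10.0.0.1"
INSIDE_ROUTER = "10.0.0.2"
DOWNSTREAM_SUBNETS = ["10.10.0.0/24", "10.20.0.0/24"]

# (prefix, next hop or None when directly connected, egress interface)
Route = Tuple[ipaddress.IPv4Network, Optional[str], str]


class RoutingTable:
    """Minimal longest-prefix-match table, enough to model the UTM's decision."""

    def __init__(self) -> None:
        self.routes: List[Route] = []

    def add(self, prefix: str, next_hop: Optional[str], iface: str) -> None:
        self.routes.append((ipaddress.ip_network(prefix), next_hop, iface))

    def lookup(self, dst: str) -> Optional[Route]:
        addr = ipaddress.ip_address(dst)
        best: Optional[Route] = None
        for route in self.routes:
            net = route[0]
            # Most specific prefix wins, as in any real forwarding table.
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = route
        return best


def build_table(with_static_routes: bool) -> RoutingTable:
    """The UTM's table before (False) and after (True) adding the static routes."""
    table = RoutingTable()
    table.add("10.0.0.0/24", None, "br0")        # directly connected bridge segment
    table.add("0.0.0.0/0", UPSTREAM_FW, "br0")   # default route toward the Internet
    if with_static_routes:
        for subnet in DOWNSTREAM_SUBNETS:        # the fix from step 2 above
            table.add(subnet, INSIDE_ROUTER, "br0")
    return table


def reply_next_hop(table: RoutingTable, client_ip: str) -> Optional[str]:
    """Next hop the proxy would use for its own reply packets to client_ip.

    None means the client sits on a directly connected segment (no gateway).
    """
    route = table.lookup(client_ip)
    return None if route is None else route[1]


def asymmetric_downstream(table: RoutingTable) -> List[str]:
    """Downstream subnets whose return path does not point at the inside router.

    A non-empty list means proxied replies leave toward the upstream firewall
    and never reach those clients.
    """
    bad = []
    for subnet in DOWNSTREAM_SUBNETS:
        probe = str(ipaddress.ip_network(subnet)[1])  # first host of the subnet
        if reply_next_hop(table, probe) != INSIDE_ROUTER:
            bad.append(subnet)
    return bad


if __name__ == "__main__":
    for fixed in (False, True):
        table = build_table(fixed)
        state = "present" if fixed else "absent"
        print(f"static routes {state}: reply to 10.10.0.50 goes via "
              f"{reply_next_hop(table, '10.10.0.50')}; "
              f"subnets with an asymmetric return path: {asymmetric_downstream(table)}")
```

Running it shows the reply to a downstream client leaving via 10.0.0.1 (the upstream firewall) without the static routes and via 10.0.0.2 (the inside router) with them. The same check is what a `netstat -rn` or `ip route get <client-ip>` on the UTM would tell you: if the chosen gateway for a downstream subnet is not the inside router, the proxy cannot complete the handshake no matter what the firewall rules say.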

  • Glad you got it going, Cory.  Many problems can be avoided by following DNS best practice, which your Forwarders change does.

    Cheers - Bob
