Hi
wondered if someone could help me out with pointers on how to reverse proxy both internal and DMZ webservers to both internal and public clients?
I'm migrating from backend TMG2010 to a backend Sophos UTM and I think I'm still thinking as a TMG admin and I'm finding the documentation to be too vague.
The UTM is dual homed with an Internal NIC and a DMZ NIC
Example for reverse proxying HTTP website from webserver on DMZ to internal network clients
Real webserver
-Create real webserver host with IP address (on DMZ) and select > interface or select DMZ interface?
-Create real webserver selecting this new real webserver host
-Create virtual webserver selecting DMZ interface, adding published website domain and selecting real webserver
Firewall rules
NOTE this is a backend server so shouldn't need to worry about NAT. The edge firewall will NAT between the public IP and the UTM DMZ interface
-Do I need to create firewall rule allowing to allow clients access to the UTM or to the webservers or will UTM create these automatically?
-Do I need to worry about routing on the UTM? On TMG I'd create a local route that routed either to the Internal NIC or the DMZ NIC so that the TMG could route client requests.
Additional IPs
-On TMG I'd use additional VIPs on the Internal and DMZ networks for website listeners and create DNS hosts in Internal and Public DNS to resolve to these additional IPs to point clients to the relevant TMG listener IP. I can't see how to do this on UTM though. I can add the additional interface IPs (and I worked out that the additional IPs need to be on the same gateway as the interface) but if the Virtual webserver uses the interface that the webserver is on (in this case DMZ interface) then where does the additional IP come in? And what do I put in my Internal DNS?
cheers
Mark
This thread was automatically locked due to age.
