Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 10 replies
  • Subscribers 38 subscribers
  • Views 2909 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG 135 with IP over WAN, in a different network than Alias interfaces

IvanildoGalvão

I can have on the same WAN interface, an IP 189.10.10.46/255.255.255.192, with gateway 189.10.10.1.
And several IP Alias on the same interface, only on a different network, 189.10.20.16-189.10.20.30/255.255.255.240?

Alias would be for publishing services hosted on the internal network, such as web server, erp application, e-mail server, etc.

Wait and thanks !



This thread was automatically locked due to age.
Parents
  • 0

    Ivanildo,

    Alias IP must use the same subnet of the physical interface.

    Regards

  • 0 in reply to lferrara

    I don't know that is entirely true; encountered a customer years ago whose ISP was, in American terms, "lame."  They added additional public IPs using ROTP (Routing Over The Top) …. granted, this was with Sophos SG UTM (may have even been Astaro UTM back then... but to my amazement adding each Alias IP with a /32 worked for publishing inbound services (of course it did not work for outbound, but that wasn't the point)… the ISP did some "Magic" that allowed this to work.  I wasn't a fan of the configuration, but it did work.  Things may be different on XG of course.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent

    The provider gave a solution.

    It will put a router on the edge, where it will be the gateway of Sophos, the WAN interface of the router will have IP 189.10.10.46/255.255.255.192, since its internal interface connected directly to XG, it will have IP 189.10.20.17, in XG it will be 189.10.20.18.
    So the XG interface and the Alias will be on the same network.

    That solves the problem, right?

    Detail: The IP addresses here are fictitious.

  • 0 in reply to IvanildoGalvão

    It will work but you will have another hop.

    As I said on v18, you CAN HAVE IP Alias with different subnet mask. Check the screenshots.

    Regards

Reply Children
No Data
Unfiltered HTML