Trying to hook a Sophos into a Sophos. Need ideas.

 

I have two Sophos XGs, a switch, and various computers. I'm trying to achieve what you see in this diagram. Now I've gotten it working; however, I want to make it so that everyone on the 192.168.60.0/24 subnet is unable to talk to anyone else on the 192.168.99.0/24 subnet. I purely just want them to have internet access and I also want to pass through a public static IP to the Sophos XG #2.

Let me know your thoughts and ideas.

Thanks :)

*edit* I know one option is setting the #2 Sophos WAN subnet to /28, but I want to make sure that no matter what the #2 is set to, they will not be able to talk to anyone else on the 192.168.99.0/24 subnet.



This thread was automatically locked due to age.
  • A firewall rule dropping all traffic between each of the LANs; you will need two rules.
    Ian

  • Like Ian mentioned. 

    First LAN to WAN Network /24 dropping.

    LAN to WAN Any allow.

    The first one will match for the dropping. 

     

    Be careful with this. You could cause issues in proxy etc. because you build a matching drop rule for outbound. If you are struggling with this, build a LAN to WAN network range 0-253 and exclude the WAN Gateway XG2.

  • You're saying put all this on the Sophos #1, correct?

    In Sophos #1 I've tried creating a single rule to deny all traffic on the 192.168.99.0/24 subnet from the 192.168.99.20 IP and it does nothing.

     

     

    I want to make it so that no matter what is put into the Sophos #2, this will work. Basically think of it as treating Sophos #1 as the cable modem edge internet device for Sophos #2.

    I'm using Sophos #2 as a test environment for people to train on.
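
The rule ordering suggested in the replies above, modelled as a first-match evaluation (an added example, not part of the original thread and not Sophos configuration). It matches on destination only and assumes the traffic is actually evaluated by the firewall; the gateway address 192.168.99.254 and the sample destinations are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

PEER_NET = ip_network("192.168.99.0/24")  # subnet named in the thread
GATEWAY = ip_address("192.168.99.254")    # assumed gateway address, not given in the thread

def dst_in_net(net):
    return lambda dst: dst in net

def dst_in_range(first, last):
    lo, hi = ip_address(first), ip_address(last)
    return lambda dst: lo <= dst <= hi

def any_dst(dst):
    return True

def evaluate(rules, dst):
    """Return (rule name, action) of the first rule that matches dst."""
    dst = ip_address(dst)
    for name, action, matches in rules:
        if matches(dst):
            return name, action
    return "default", "drop"  # nothing matched: implicit drop

# Drop the whole /24 first, then allow everything else.
DROP_WHOLE_NET = [("drop-99-net", "drop", dst_in_net(PEER_NET)),
                  ("allow-any", "allow", any_dst)]
# Drop only .0-.253 so the assumed gateway address falls through to the allow rule.
DROP_RANGE = [("drop-99-0-253", "drop", dst_in_range("192.168.99.0", "192.168.99.253")),
              ("allow-any", "allow", any_dst)]
# Same rules as DROP_WHOLE_NET in the wrong order: the drop rule is never reached.
WRONG_ORDER = list(reversed(DROP_WHOLE_NET))

# Constructed sample destinations (203.0.113.10 is a documentation address).
SAMPLES = {"peer host": "192.168.99.50",
           "gateway": str(GATEWAY),
           "internet": "203.0.113.10"}

def verdicts(rules):
    """Map each sample destination label to the action the rule set applies."""
    return {label: evaluate(rules, dst)[1] for label, dst in SAMPLES.items()}

if __name__ == "__main__":
    for title, rules in (("drop /24 then allow", DROP_WHOLE_NET),
                         ("drop .0-.253 then allow", DROP_RANGE),
                         ("allow then drop", WRONG_ORDER)):
        print(f"{title}: {verdicts(rules)}")
```

The first rule set also drops traffic addressed to the gateway itself, which is the side effect the reply warns about; the range-based rule avoids it.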
