
Sophos XG Firewall on dedicated host

Hello,

I have a dedicated server on OneProvider.

They give me a public IP.

I had configured it correctly on Sophos UTM 9, but when I try to configure it on XG it works the first day, and afterwards my IP is blocked because it does a lot of ARP requests.

I try to do this

Is it possible?

Regards



  • I can configure an interface on the WAN zone on XG.

    I did that before and configured a static route 0.0.0.0 and a second route with my gateway on the physical host 195.x.x.x, and added an interface for WAN.

    But I had a lot of ARP requests and the provider blocked my IP.

    With UTM and the screen config I don't have any issue.

  • Shouldn't XG prevent such a configuration? Because XG will generate a lot of ARP requests for everybody.

    From my perspective such setups are bad practice anyway. Those point-to-point links are likely to forward all ARP requests to the next end.

    You are configuring a point-to-point connection without knowing you are doing this. And XG will still generate all the ARPs it needs to communicate.

  • I did this:

    In Setup > Network > Interfaces:

    Set up the WAN interface (PORTB by default) with:

    IP: 212.x.x.x/24

    GW: 212.x.x.x.254 (don't think, just apply that; I know it doesn't feel right)

    In Setup > Routing > Static routing:

    You'll add 2 routes:

    - 195.x.x.0/24 - leave GW empty - select WAN interface (PORTB)

    - 0.0.0.0/0 - GW 195.x.x.1 - leave interface empty

    But when I applied this, all was OK for 1 day; after that the IP was blocked.

  • Because you did not configure it as the provider requires it.

    You need to use /32 not /24. 

    You cannot simply put a gateway in it. 

    Use a DMZ interface and use /32. The 0.0.0.0 should be enough, point it to the PortB.