
Sophos XG Firewall on dedicated host

Hello,

I have a dedicated server on OneProvider.

They give me a public IP.

I had it configured correctly on Sophos UTM 9, but when I try to configure it on XG it works the first day, and afterwards my IP is blocked because it makes a lot of ARP requests.

I try to do this

Is it possible?

Regards



  • Do you have to do this like this? IP addresses with /32 and a Default GW outside of the Netmask? 

    Can you ask your Provider to get a /XX with a Gateway within the Netmask? 

  • on UTM no issue with 

    It's an IP failover with /32 and gateway on the physical host.

    They don't give me a /XX with a gateway within the netmask, and they can't.

  • Then you need to use this IP without Zone WAN. 

    Select this IP as a normal DMZ interface. Create a Static route 0.0.0.0 for this interface. 

    XG cannot have a WAN Interface like that. 

  • I can configure an interface in the WAN zone on XG.

    I did that before and configured a static route 0.0.0.0 and a second route with my gateway on the physical host 195.x.x.x, and added the interface for WAN.

    But I had a lot of ARP requests and the provider blocked my IP.

    With UTM and the screen config I don't have any issue.

  • Shouldn't XG prevent such a configuration? Because XG will generate a lot of ARP requests for everybody. 

    From my perspective such setups are bad practice anyway. Those point-to-point links are likely to forward all ARP requests to the next end.

    You are configuring a point-to-point connection without knowing you are doing this. And XG will still generate all the ARPs it needs to communicate. 

  • I did this:

    In Setup > Network > Interfaces:

    Set up the WAN interface (PORTB by default) with:

    ip : 212.x.x.x/24

    gw : 212.x.x.x.254 (don't think, just apply that; I know it doesn't feel right)

    In Setup > Routing > Static routing:

    You'll add 2 routes:

    - 195.x.x..0/24 - leave GW empty - select WAN interface (PORTB)

    - 0.0.0.0/0 - GW 195.x.x.1 - leave interface empty

    But when I applied this, all was OK for 1 day, and after that the IP was blocked.
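
Added example, not written by any poster in this thread and not Sophos code: a small Python model of ordinary longest-prefix IP forwarding that shows which addresses a host has to ARP for under the /24 layout posted above versus a /32 layout with an on-link host route to the gateway. All addresses are constructed documentation-range placeholders standing in for the redacted 212.x and 195.x values, and the model says nothing about XG internals.

```python
import ipaddress

def arp_target(dst, routes):
    """Return the address a host must ARP for to reach dst, or None if unroutable.

    routes: list of (prefix, gateway); gateway None means the prefix is on-link.
    """
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)  # longest prefix wins
    if best is None:
        return None
    # On-link: ARP for the destination itself. Otherwise: ARP for the gateway.
    return dst if best[1] is None else ipaddress.ip_address(best[1])

def arp_targets(destinations, routes):
    """Distinct addresses that end up in ARP requests for this traffic."""
    hits = (arp_target(d, routes) for d in destinations)
    return {str(h) for h in hits if h is not None}

# Constructed placeholders: failover IP 203.0.113.10, gateway 198.51.100.1.
POSTED_LAYOUT = [
    ("203.0.113.0/24", None),        # connected route from the /24 interface mask
    ("198.51.100.0/24", None),       # static route, GW empty, bound to the WAN port
    ("0.0.0.0/0", "198.51.100.1"),   # default route via the provider gateway
]
HOST_ROUTE_LAYOUT = [
    ("203.0.113.10/32", None),       # /32 interface address: no neighbours on-link
    ("198.51.100.1/32", None),       # only the gateway itself is on-link
    ("0.0.0.0/0", "198.51.100.1"),
]
# Constructed sample traffic: two hosts in each provider /24, one internet host.
DESTS = ["203.0.113.20", "203.0.113.77", "198.51.100.40",
         "198.51.100.1", "192.0.2.8"]

if __name__ == "__main__":
    for name, routes in (("posted /24", POSTED_LAYOUT),
                         ("/32 + host route", HOST_ROUTE_LAYOUT)):
        print(name, sorted(arp_targets(DESTS, routes)))
```

With the /24 layout every address inside either provider subnet becomes its own ARP target, while the /32 layout only ever resolves the gateway.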
