
This discussion has been locked.

DMZ bypass?

Hopefully, this question isn't too stupid, although it may well be.

I have an old XG-135 that has no active subscriptions. I want to use it solely for its VPN capabilities so that I can access some telescope control devices from my iOS device when at a dark site (where I will be operating some smaller telescopes using a different iOS device).

I want to use a couple of Linksys mesh WiFi5 devices to establish a network comprised exclusively of a handful of these telescope control devices (which I think are Raspberry Pi-based, but that doesn't matter for this question). The Linksys devices would operate in bridge mode and the Sophos would act as the DHCP server. Behind it would be the cable modem, also placed in bridge mode. I know that renders the network insecure, but I really don't care if someone hacks into it, since it only has a few telescope control boxes on it anyway.

Simple so far, for sure. I've already done it, so I know that it works. But here's the twist: I also want to run a separate home network (for all of our Macs and smart devices) using some other Linksys mesh WiFi6 devices.

Obviously, the cable company only assigns one IP address per customer when their modem is placed in bridge mode (which it has to be for the XG-135 to work as a VPN host). So, how do I share that single cable connection between the telescopes (on the Linksys WiFi5 mesh network) and the home devices (on the Linksys WiFi6 mesh network)? In this scenario, to ensure no drop in throughput and to utilize all of the features of the WiFi6 network devices (including firewall, backstopped by Sophos Home Premium software running on the Macs), one of them would perform the DHCP server function.

I know I can assign the DMZ zone to one of the XG-135's Ethernet ports, add a DHCP server to the zone, and add the required firewall rules - but that would generate a double-NAT problem. So, I'm wondering how to do it (I suppose using a bridge interface)?

Thanks for your time.

PS - LAN is port 1 and WAN is port 2 and DMZ is port 7. 


