making new gateway for DMZ traffic

hi all,

I want to make WIFI traffic go out a new WAN interface. I think I'm going to do it like this, what do you think?

network > interfaces
network zone WAN, add ipv4 details and give it a gateway ip

rules and policies > nat rules
"default SNAT IPv4" change "outbound interface" from WAN1 to WAN1 and WAN2 or ANY?

routing > sd wan routes
shall I create 2?

main one
ANY "source networks" and "primary gateway" will be WAN1

for DMZ
add the WIFI subnet to "source networks" and "primary gateway" will be WAN2

thanks,

rob



  • Hi , Thank you for reaching out to the Sophos community team. The above action or steps are fine, and below is another possible way.

    If this new WAN gateway is only for DMZ and WiFi, then when you are adding it on XG you may set it as the backup gateway type in place of an active gateway, which will later eliminate the need to create 2 SD-WAN routes. I.e., if you set this new WAN as a backup gateway, the 1st SD-WAN rule to route any source via WAN1 will not be required. (NAT rule changes will be required in both scenarios to have the NAT action in place.)

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support


  • Regarding the "sd wan routes":

    If I make one "sd wan route" for WIFI with a "source networks" of 10.110.22.0/24

    and the other "sd wan route" for all the other subnet LANs that I have got, and if I put "ANY" in the "source networks", won't 10.110.22.0/24 fall in "ANY"?

    So do I need to narrow it down?

    Sorry, I don't get what you're on about when you say make this new WAN2 a "backup" type.

  • So what you're saying is make the new WAN a "backup" and create a new NAT rule for that one subnet to use the new WAN interface,

    so no more need for the sd wan routes?

  • Hello , if you have more than 1 ISP and you want to make another ISP act as a backup gateway, then under the WAN link manager select that other ISP and select the option as backup, as demonstrated by  in the screenshot above!

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

