Sophos WAN -> DMZ Passthrough

We have a client that we are installing a Sophos for. They have a Cisco VPN in New York with the corresponding side here in Dallas. Previously they had a SonicWall in place and were doing a transparent DMZ, which was working fine.

We are implementing the Sophos, and what we have done is assign the designated IP address to port 3 and set that port's zone to DMZ. We then went into the firewall rules and did a WAN to DMZ allow any. We are still having issues with the VPN connecting. Any thoughts?

 



  • Nicholas,

    you should create a Business Application Rule (DNAT template) and allow access from WAN to DMZ where the destination host is the WAN public IP and the protected server is the DMZ IP and Protected zone is DMZ.

  • Thank you for your help. I will try that. My only concern, and maybe I should have explained this in the post: this customer is coming from a SonicWall, and it was set up as Transparent DMZ on port 5. So the Cisco does not have a local IP; it has the public IP on it. So what I did on the DMZ IP is put the same public IP that I also have on the WAN public IP.

    Should that still work?

  • With it set that way we do see an IP conflict on our testing bench. The way we are testing is we have a computer plugged into the WAN port and a PC plugged into the DMZ port. The PC on the DMZ port is getting an IP conflict, so definitely no traffic is crossing it. This is also how we tested the port forwarding for the FTP server.

  • Nicholas,

    if you want transparent traffic from WAN to DMZ (sharing the same IP address network), you can bridge the 2 interfaces and then create a network policy to allow traffic coming/going to WAN or DMZ.

    Thanks
