Guest Zone: Internet-only route

Hi,
 
I have 2 ISPs (WAN1 and WAN2).
 
In WAN1 I have my published servers.
 
I use WAN2 for guest access and backup.
 
I created a GUEST zone, with a specific VLAN and a GuestUser rule (GUEST Any -> WAN Any, WAN2 Gateway).
 
I would like a client in the GUEST zone, when it accesses a published server on WAN1, to use this route:
 
Client -> WAN2 -> Internet -> WAN1
 
Where do I change this so that all traffic originating from the GUEST zone is not routed internally?
 
Thanks,
 
Adriano


  • Adriano,

    It depends on what IP address the guest users use to access the public servers behind WAN1. In order to get the guest users to access the server using the public IP address, make sure to put Any, and not only WAN, under source zone.

    If you use a DNS name, the behaviour depends on how the guest users resolve the server's name.

    Regards,

  • Hi Luk,
     
    I use split DNS. This solves the problem of normal customers.
     
    But for the guest clients, I want them to only access the externally published server addresses. The DNS for them resolves to the external IPs.
     
    When they are on the guest network, they cannot access it because the routing is internal. Traceroute points to the IP of WAN1 without going through WAN2.
     
    Thanks,
     
    Adriano