I've added an addition interface to our UTM to setup a DMZ. I am unable to get the UTM to acknowledge any traffic on this new interface. Clients in the DMZ network can communicate with each other, but cannot ping the UTM's interface IP, cannot get access to the Internet, and do not show up at all in the packetfilter.log The existing Internal network interface has worked for many years without issue. UTM interfaces Internal - 192.168.0.1/24 Internet - ISP assigned public IP DMZ - 10.225.0.1/29 UTM Configuration Interfaces & Routing Static Routing Interface route > DMZ Network (10.225.0.0/29) Network Protection Firewall DMZ (Network) > Any > Internet IPv4 NAT Masquerading DMZ (Network) > Internet Interface I thought with the DMZ interface and Static Interface Route I would immediately see something , but no matter what changes I've made the UTM just seems to act as if the DMZ interface doesn't even exist. Anyone have any insight? Am I missing something obvious required to allow traffic from a new interface to interact with the UTM?

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM not seeing any traffic from new interface

I've added an addition interface to our UTM to setup a DMZ. I am unable to get the UTM to acknowledge any traffic on this new interface.

Clients in the DMZ network can communicate with each other, but cannot ping the UTM's interface IP, cannot get access to the Internet, and do not show up at all in the packetfilter.log

The existing Internal network interface has worked for many years without issue.

UTM interfaces

Internal - 192.168.0.1/24
Internet - ISP assigned public IP
DMZ - 10.225.0.1/29

UTM Configuration

Interfaces & Routing
- Static Routing
  - Interface route > DMZ Network (10.225.0.0/29)
Network Protection
- Firewall
  - DMZ (Network) > Any > Internet IPv4
- NAT
  - Masquerading
    - DMZ (Network) > Internet Interface

I thought with the DMZ interface and Static Interface Route I would immediately see something, but no matter what changes I've made the UTM just seems to act as if the DMZ interface doesn't even exist.

Anyone have any insight? Am I missing something obvious required to allow traffic from a new interface to interact with the UTM?

This thread was automatically locked due to age.

Top Replies

awarre0 over 4 years ago +2 verified

Solution Hyper-V Manager Settings of the Sophos UTM VM Expand (+) the Network Adapter on the UTM that is not responding. Advanced Features Enable MAC address spoofing Source How to Build…

Parents

0 FormerMember over 4 years ago
Hi awarre0,

Thank you for reaching out to Sophos Community.

awarre0 said:
UTM interfaces

Internal - 192.168.0.1/24

Internet - ISP assigned public IP

DMZ - 10.225.0.1/29

Is DMZ network configured on eth2 interface and connected with a separate switch?

If it's on physical interface eth2 then there’s no need of adding a static route.

Firewall and masquerading rule configuration seem ok. Please add DMZ network under Network Services > DNS > Allowed Networks.

Also please share a rough diagram of your network setup and post a snapshot of interface configuration as well.
Cancel
Vote Up 0 Vote Down

Cancel
0 awarre0 over 4 years ago in reply to FormerMember

Here is the interface:
Cancel
Vote Up 0 Vote Down

Cancel
0 Amodin over 4 years ago in reply to awarre0

Just clarifying here: Is this a new network card that you added, or just enabled what you already had?
Cancel
Vote Up +1 Vote Down

Cancel
0 BAlfson over 4 years ago in reply to awarre0

Amodin has the good question. I suspect that the driver in use for the eth4 NIC is not the one you want. The Installation process for the UTM only loads drivers for the devices it sees. If you add a device that is not identical to an existing one, you must re-install the software.

Cheers - Bob
Cancel
Vote Up +1 Vote Down

Cancel
0 awarre0 over 4 years ago in reply to Amodin

It is a new NIC added. Our Sophos UTM runs in Hyper-V, so this was a new virtual NIC. eth4 is definitely the correct device.
Cancel
Vote Up 0 Vote Down

Cancel
0 awarre0 over 4 years ago in reply to BAlfson

Bob,

Do you have experience with Sophos UTM on HyperV adding new NICs? Would it require reinstalling the OS?
Cancel
Vote Up 0 Vote Down

Cancel
0 jprusch over 4 years ago in reply to awarre0

Please show us your setup of that NIC in Hyper-V. (screenshot)
Cancel
Vote Up -1 Vote Down

Cancel

Reply

0 jprusch over 4 years ago in reply to awarre0

Please show us your setup of that NIC in Hyper-V. (screenshot)
Cancel
Vote Up -1 Vote Down

Cancel

Children

0 awarre0 over 4 years ago in reply to jprusch

What settings in particular? In HyperV all the Network Adapter screen shows is which virtual switch the NIC is assigned to, which is a Private switch named "DMZ". Both of the clients in the diagram are also on this virtual switch. No VLANs are enabled.

Was there a different setup screen you wanted?
Cancel
Vote Up 0 Vote Down

Cancel
0 jprusch over 4 years ago in reply to awarre0

Ok - my glassbowl isn't working at the moment ...

Just give us the config screens of your Hyper-V network definitions for the system, there is something wrong there obviously.

If I already knew what to look for, I wouldn't ask for that :-)
Cancel
Vote Up -1 Vote Down

Cancel