UTM install without NAT

Hi everyone!

I'm in the process of setting up Sophos UTM for my home network, but I've run into a few configuration issues.

I've been allocated a /24 for my own use. As such, I'd like to avoid using NAT, and instead have the Sophos appliance serve as a firewall and DHCP server.

I've been told that in order to achieve this, I should bridge the two interfaces (the "internal" one, and the "external" one) together.

This worked fine for a few hours until the upstream router went down. At that point, devices outside of my network got a lease from my DHCP server, and became part of my internal network - oops.

Does anyone know if / how I can configure Sophos to act as a router and firewall but without NAT?

Thanks!


  • Arthur, these are all good suggestions.  What Barry was suggesting was: no masquerading, a route in the other router for your subnet like '192.168.2.0/24 -> 192.168.2.254' and:

    Internal:
     - IP: 192.168.2.1
     - Subnet mask: 255.255.255.128
     - No default gateway

    External:
     - IP: 192.168.2.254
     - Subnet mask: 255.255.255.255
     - Default gateway: 192.168.1.1


    That would leave you with 125 addresses for your other devices behind the Internal interface.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  •  External:
     - IP: 192.168.2.254
     - Subnet mask: 255.255.255.255
     - Default gateway: 192.168.1.1




    I don't think the external interface will be able to "find" its default gateway like this, or am I missing something here?

    I think he needs bridging if he really wants to use these subnets on both sides of the UTM.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
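
An added example, not part of any post in this thread: a Python check of the routed (no-NAT) address plan quoted above, reporting how many client addresses each interface leaves, whether each default gateway falls inside its interface's connected network, and whether the upstream route points at the firewall. The addresses come from the replies; the dict layout and the `check_plan` name are assumptions of this example.

```python
import ipaddress

# Values quoted from the reply above; the dict layout and names are assumptions of this example.
PLAN = {
    "Internal": {"ip": "192.168.2.1", "mask": "255.255.255.128", "gateway": None},
    "External": {"ip": "192.168.2.254", "mask": "255.255.255.255", "gateway": "192.168.1.1"},
}
UPSTREAM_ROUTE = ("192.168.2.0/24", "192.168.2.254")  # (destination, next hop)


def check_plan(plan, upstream_route):
    """Collect facts about a routed, no-NAT address plan."""
    ifaces = {n: ipaddress.ip_interface(f"{c['ip']}/{c['mask']}") for n, c in plan.items()}
    report = {"interfaces": {}}
    for name, iface in ifaces.items():
        gw = plan[name]["gateway"]
        report["interfaces"][name] = {
            "network": str(iface.network),
            # Host addresses left for other devices after the firewall takes its own.
            "client_addresses": len(set(iface.network.hosts()) - {iface.ip}),
            # None: no gateway set. False: the gateway lies outside the connected
            # network, so it is reachable only through an explicit route to it.
            "gateway_on_link": None if gw is None else ipaddress.ip_address(gw) in iface.network,
        }
    names = list(ifaces)
    # Two interfaces on overlapping networks make the routing decision ambiguous.
    report["overlaps"] = [
        (a, b) for i, a in enumerate(names) for b in names[i + 1:]
        if ifaces[a].network.overlaps(ifaces[b].network)
    ]
    dest, hop = ipaddress.ip_network(upstream_route[0]), ipaddress.ip_address(upstream_route[1])
    # The upstream router's route must point at one of the firewall's own addresses...
    report["next_hop_interface"] = next((n for n, i in ifaces.items() if i.ip == hop), None)
    # ...and should cover every network that sits on or behind the firewall.
    report["route_covers"] = [n for n, i in ifaces.items() if i.network.subnet_of(dest)]
    return report


if __name__ == "__main__":
    import pprint
    pprint.pprint(check_plan(PLAN, UPSTREAM_ROUTE))
```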