
Cannot get WAN connection on UTM9

I've been trying for over 2 years to get a hardware firewall working using various systems, Smoothwall, IPFire, Untangle and others. The only one that has worked for me is Untangle. I now want to try UTM9 as I believe it is superior but cannot get a WAN connection. This is also the reason the others didn't work - I can never get the external connection to connect to my router/modem. Internal connections are always fine. I have checked the YouTube tutorials and read other tutorials and I cannot see anything wrong with my settings so why can everyone else connect but me? As I am new to this that is probably the answer but I want to get past this block and find out what this problem is I keep having. I would attach some clips of my settings but can't see how to do this.

Thanks in anticipation.



  • Hi and welcome,

    do you have the modem in bridge mode?

    I assume you are using ADSL2+ connection, so you need to set the UTM interface PPPoE or PPPoA.

    Ian

  • Hi Ian and thanks for your reply. I don't currently have the modem in bridge mode as I wasn't sure it was necessary and I found no information anywhere to say I should. As I said I am new to this and these are suggestions I need to try. I was hoping that UTM would just function as a firewall and I could leave my modem/router as it was. I am currently on ADSL2+ but not for much longer as I will be switching to gigabit fibre. I read somewhere that I should set the UTM interface to Ethernet and I had already unsuccessfully tried both PPPoE and PPPoA so if I did bridge the modem then I assume the UTM would be PPPoE. Anyway, I'm not sure what it takes to bridge this particular modem although I have done it with a previous device setup. My router is currently on a 10.9 IP range and someone told me the firewall should be on a different range. I have tried it both ways with no success. The YouTube clip I saw demonstrated the setups for both NICs and it showed how easy it was to set the WAN side up, click renew and refresh the page and it connected. I tried the same and got nowhere.

  • Thanks again. This principle I understand as my previous setup involved a Draytek modem/router in bridge mode and a Linksys EA 6900 as a router running PPPoE and it worked fine. Bridge mode on the Draytek was pretty much a one click affair. My bandwidth with this setup was around 14.5Mbps and it is the same with the new modem. The forthcoming upgrade to fibre came with a free (almost) Fritzbox 7490 - top of the range - I couldn't resist it. While I am waiting on the fibre in a couple of weeks I thought I may as well put the Fritzbox in on ADSL just to get my head round the way it functions, especially with all the on-board telephony.

    The basic setup steps have already been done on the UTM. License is installed, Firewall is set as you say, NAT is set as you say. I left the DHCP server off as the one in the Fritzbox was doing the job. Are you saying that I have to use the UTM as a router and can only use the Fritzbox in bridge mode? I'll need to check with the Fritz people and see how bridge mode affects the telephony and how I can do bridge mode. I did have to run the Draytek and Linksys on different subnets to function (although I don't know why).

  • The Fritzbox is on the outside of the UTM and therefore does not pass an IP address in to the users.

    Ian

  • So the bottom line is, there is no way to tunnel the WAN address through without bridge mode?

  • If your external interface (ISP) address has a range of addresses then yes, but if you only have one address no, because you need all ports and protocols for the UTM.

    Ian

  • OK. I had a poke through the Fritzbox interface and it looks like there is a straightforward way of putting it in bridge mode. I've emailed their support to confirm.

    Thanks for all your advice Ian. Hopefully I'll have it all up and running soon. It's a great piece of software (especially for the free cost) and it's time to move on from the software programs I have been using. They've done the job but this is the way forward.

  • Hi Ian. I don't know if you are still around but I thought I'd pass this on to you. I was never 100% sure that I couldn't use the SophosUTM as previously described and so I went back to Untangle which worked in this way before and it all went well. What it offers is a transparent bridge mode meaning you can pop it inline between the existing router and LAN without disruption which is exactly what I need. So, I did some research and discovered it is possible to do the same with the SophosUTM. It differs from Untangle in that it requires 3 network cards:

    http://www.fastvue.co/sophos/blog/easily-evaluate-sophos-utm-9-3-using-full-transparent-mode/

    I haven't tried it yet but it seems to make sense and when I get myself another NIC card will give it a shot.

    Cheers

    Lyn

  • Hi Lyn,

    the UTM will work in bridge mode (wire). I have never tried the configuration, but from experience with other products in bridge mode it should pass the address across to your LAN. The fritz box would provide the IP addresses and the UTM provide the security.

    Ian

  • It certainly works with Untangle for sure. I can see how 3 NIC cards might work but I can't see why 2 won't also work if Untangle can do it, unless it's a firmware restriction. In fact I bridged the 2 NICs but still couldn't get a passthrough to WAN. The article I sent you suggested the static IP address should be 0.0.0.0 which I tried and now I can't get into the UTM at all. The computer now boots to a CL interface and is not accepting my login details. I don't get the relationship between killing the IP address and not being able to log in and losing the graphic interface. I think I need to read up on resetting to defaults somehow or it could be a re-install. I want to get it all working before Thursday when the fibre arrives.

  • Hi Lyn,

    I haven't tried Untangle for a very simple reason: when I started looking for a home firewall, UTM was the only one that met my requirements. Since the kids have grown up and left home my requirements have changed, but UTM is it.

    I have used another product in wire mode and it requires an admin port and actually provides an admin port as well as 8 user ports. So, I would suspect that Untangle does not do full wire connections if you can access management console from the bridged interfaces. That does leave the security of the Untangle box a little suspect and open to attack, personal opinion only and no actual experience.

    Ian

  • Hi Ian.

    I've got the free version of Untangle which is fairly straightforward and for me particularly learning my way round these products it was a good entry point but I want to do it with Sophos which gives a lot more bang for bucks (or no bucks in this case). I just have a smallish home network so it's only me using it but it's all about the learning curve for me. Untangle has a fairly good reputation and maybe most users use it as a router and I might have done as well if it wasn't for the fact it would have interfered with the telephony side of the Fritzbox. This may not be the case when I switch to fibre/VOIP. Whatever happens, unless I can't get UTM to work I won't be using Untangle as I think Sophos have come up with a brilliant piece of software and I'm determined to get my head round it.

    Cheers

    Lyn

  • Hi Lyn,

    I am a home user, with 2 real people and lots of toys. I use both the UTM and XG as training software.

    The UTM is way better than the XG at this stage. The XG has a different approach to firewalls, supposedly the way of the next generation.

    Ian

  • Lyn, sometimes, the problems you described in your first post can be fixed by clearing the ARP table of the device to which the UTM's WAN interface is connected.

    Cheers - Bob

  • Hi Bob.

    I'll take a look at that. I haven't had any joy so far but I've now put a 3rd NIC in place with the 2 external ones bridged, as described in one of my searches. It sounds feasible so I'm going to give it a shot. I've also switched from ADSL to fibre so need to look at the interconnects to see if it is connected in the same way as the ADSL was.

    Thanks