
UTM in transparent/bridged mode

Hello all,
Desperately hoping that someone can help me with this. We've had the UTM running for over a year now in standard mode with no problems. I now want everything to go through the UTM transparently.
The topology would be LAN > UTM > External Firewall > WAN

Currently the default gateway on the core switches is set up as the existing firewall (*.*.192.251). I would change this to the UTM IP (*.*.192.254), and then what? I have tried a number of different ways, none of which have worked properly. My original plan was to have an inside interface and an outside one, so in and out. Then I thought about link aggregation?

I have read recently about using a gateway route; is that the way forward? The internal interface is set up with the IP *.*.192.254 and the gateway *.*.192.1, and this one interface handles all traffic.

All I require is that all web traffic comes through the UTM, web filtered, then out to the existing firewall.
Thanks in advance

  • Since you have an existing firewall, I would recommend keeping it at the perimeter. UTM opens unwanted ports, and the UTM firewall rules are ignored when a proxy is involved.

    Therefore, you want to change your interface from static to bridged, a process that is not well defined.

    Then you connect the inside interface of the firewall to one of the UTM bridged NICs. You also may need a crossover cable (or the ethx command in shell mode) to flip from MDI to MDI-X, as my appliance cannot do automatic MDI-X detection.

    In bridged mode, you have to itemize every LAN protocol that is allowed across the bridge. I tried once and had trouble, probably because my protocol list was incomplete, and have not yet tried again.

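As an added example that is not part of this thread, and not Sophos UTM's own bridge-mode procedure, here is what the reply's steps look like on a generic Linux host using iproute2 and nftables: two NICs enslaved to one transparent bridge, and a bridge-family ruleset that itemizes the protocols allowed across it and logs whatever is dropped. The names br0, eth1 and eth2 and the allowlist (ARP, IPv4, IPv6) are assumptions for illustration; the web-filter stage the UTM layers on top of the bridge is out of scope here.

```shell
#!/bin/sh
# Added example (not Sophos UTM's own procedure): build a transparent two-port
# bridge on a Linux host and restrict what crosses it to an explicit protocol
# allowlist. Interface names, bridge name and the allowlist are assumptions.
set -eu

BR="${BR:-br0}"            # assumed bridge name
LAN_IF="${LAN_IF:-eth1}"   # assumed NIC cabled to the core switches
FW_IF="${FW_IF:-eth2}"     # assumed NIC cabled to the inside of the existing firewall

# Commands that enslave both NICs to one bridge. No address is assigned to the
# bridge here, so the LAN keeps the existing firewall as its default gateway
# and nothing on either side needs a routing change.
bridge_commands() {
    cat <<EOF
ip link add name $BR type bridge
ip link set dev $LAN_IF master $BR
ip link set dev $FW_IF master $BR
ip link set dev $LAN_IF up
ip link set dev $FW_IF up
ip link set dev $BR up
EOF
}

# nftables ruleset in the bridge family. The forward chain drops by default and
# itemizes every EtherType allowed across the bridge. Anything not listed is
# counted and logged before being dropped, which is how you find out that a
# protocol the LAN relies on is missing from the list instead of guessing.
bridge_ruleset() {
    cat <<EOF
table bridge filter {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ether type arp accept
        ether type ip accept
        ether type ip6 accept
        counter log prefix "bridge-drop: " drop
    }
}
EOF
}

# Apply for real: needs root plus the iproute2 and nftables tools.
apply() {
    [ "$(id -u)" -eq 0 ] || { echo "apply needs root" >&2; return 1; }
    bridge_commands | sh -e
    bridge_ruleset | nft -f -
}

# Default action is a dry run that prints what would be executed.
case "${1:-}" in
    --apply) apply ;;
    *) bridge_commands; echo; bridge_ruleset ;;
esac
```

Run it with no arguments for a dry run that prints the link commands and the ruleset; run it as root with `--apply` to put them in place. If something on the LAN stops working once the bridge is inline, the `bridge-drop:` entries in the kernel log show the EtherType that still needs adding to the allowlist, which is the incomplete-protocol-list failure the reply describes.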