Multiple Masquerading Rules from one internet network?

Hi Folks,

 

I'm running a Sophos UTM v9.501-5 box and have a question (n00b potentially) about masquerading.

As per screen grab below, would masquerading the same internal network cause any issues? 

Also, is there any way of locally confirming that the traffic coming from this box is that of the correct external address (in this case I need to confirm it's External 3 CUH - 192.168.80.182)?

Thanks in advance!

JP



This thread was automatically locked due to age.
  • Hi JP,

    Masquerading rules are processed in a top-down manner. So traffic coming from the internal network should always be masqueraded by the external interface IP and not 3 CUH.

    You can confirm this by running a tcpdump on the console using 'any' for interface value and the destination IP for the host value.

    If what you are trying to achieve is load balancing between multiple WAN links, that is configured via Interfaces & Routing > Uplink Balancing or Multipath Rules.

    Cheers,
    Karlos

    Karlos
    Community Support Engineer | Sophos Technical Support

  • Hi, JP and welcome to the UTM Community!

    As Karlos said, the best way to make sure the traffic uses one External interface instead of the other is to use Uplink Balancing with Multipath rules.  It's also possible to use Static Routing.  With Multipathing, you would have a single masq rule 'Internal (Network) -> Uplink Interfaces'.  With static routing, you would need the two masq rules you showed above and possibly additional firewall rules.

    Note that the Web Proxy will automatically send traffic out the External interface with a default gateway.  If both have a default gateway, you will already have activated Uplink Balancing and you will have to use Multipathing.

    Net net - without knowing what led you to ask this question, we're left with too many questions.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
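
The tcpdump check Karlos describes, as an added example that is not part of the original thread: it reads `tcpdump -n` output and reports which source address traffic to a test destination actually leaves with. The destination 203.0.113.10, the internal prefix 10.10.1., the function names and the sample capture are constructed assumptions; 192.168.80.182 is the address from JP's question.

```shell
#!/bin/sh
# Capture on the UTM console first, e.g. (203.0.113.10 is a constructed test host):
#   tcpdump -n -i any host 203.0.113.10 > capture.txt
# With -i any a forwarded packet normally appears twice: arriving on the internal
# interface (original source) and leaving on an external one (masqueraded source).

# egress_sources DEST INTERNAL_PREFIX: print distinct post-NAT sources seen for DEST.
egress_sources() {
    awk -v dest="$1" -v inside="$2" '
    # Strip the trailing colon and, when present, the port from "a.b.c.d.port".
    function ip(a,   parts) {
        sub(/:$/, "", a)
        if (split(a, parts, ".") == 5) sub(/\.[0-9]+$/, "", a)
        return a
    }
    {
        # Find the "IP" token; newer tcpdump prints "ifname In/Out" before it.
        for (i = 1; i <= NF; i++) if ($i == "IP") break
        if (i > NF || $(i + 2) != ">") next
        src = ip($(i + 1)); dst = ip($(i + 3))
        if (dst != dest) next               # keep only packets sent to DEST
        if (index(src, inside) == 1) next   # skip the pre-NAT copy from the LAN
        print src
    }' | sort -u
}

# check_masq DEST EXPECTED INTERNAL_PREFIX: verdict for the capture on stdin.
check_masq() {
    seen=$(egress_sources "$1" "$3" | tr '\n' ' ')
    seen=${seen% }
    case "$seen" in
        "")   echo "NO-EGRESS: no post-NAT packet to $1 captured" ;;
        "$2") echo "OK: traffic to $1 leaves as $2" ;;
        *)    echo "MISMATCH: traffic to $1 leaves as $seen (expected $2)" ;;
    esac
}

# Constructed sample capture: one client SYN seen before and after masquerading.
sample_capture() {
cat <<'EOF'
12:00:01.000100 IP 10.10.1.25.51514 > 203.0.113.10.443: Flags [S], seq 100, win 64240, length 0
12:00:01.000180 IP 192.168.80.182.51514 > 203.0.113.10.443: Flags [S], seq 100, win 64240, length 0
12:00:01.020400 IP 203.0.113.10.443 > 192.168.80.182.51514: Flags [S.], seq 900, ack 101, win 65160, length 0
12:00:01.020460 IP 203.0.113.10.443 > 10.10.1.25.51514: Flags [S.], seq 900, ack 101, win 65160, length 0
EOF
}

sample_capture | check_masq 203.0.113.10 192.168.80.182 10.10.1.
```
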