Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 4 subscribers
  • Views 2765 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Vlan Configuration to connect to VLAN Host behind Sophos UTM

Mi Cha

Hi,

I need to connect to one Host which is on VLAN 2 and located behind the Sophos.

VLAN 2 Host is located with VLAN 3 and VLAN 4 Switch on the same Port and ESX Server.

The Connection is initialized from Server 1 which is located with Server 2 and Server 3 on the same VMWare Server the same VSwitch and the same Switch Port.

There is no VLAN configured on the LAN Side in which the Servers are located.

What's best practice to allow communication with VLAN 2 Host? Add VLAN2 on the VSwitch of Server 1 and forward the VLAN through the Switches to the UTM? Is Server 1 still able to talk to other Systems on the LAN which aren't configured for VLAN ?

Server 2 and Server 3 are now also tagged with VLAN2 because they are lcoated on the same Switch Port and same VSwitch and so shouldn't be able to talk to other Systems without a configured VLAN Tag ?

Or add a Port tagged Vlan on the last LAN Switch in Front of the Sophos ? What happens to communication to other Networks behind the Sophos for which the VLAN 2 Tag also get forwarded from the Sophos and doesn't have a Switch to strip the VLAN Tag ?

Thx & Greetings



This thread was automatically locked due to age.
  • 0

    Hi and welcome to the UTM Community!

    It's not clear to me what things are where.  In general, you will want to have all LANs and VLANs defined on UTM Interfaces.  WebAdmin will then automatically create all necessary routes between the subnets.  You will only need to create firewall rules to allow the traffic you want.

    If you're using Web Filtering, you might be interested in a document I maintain that I make available to members of the UTM Community, "Configure HTTP Proxy for a Network of Guests."  If you would like me to send you this document, PM me your email address. I also maintain a version auf Deutsch initially translated by fellow member hallowach when he and I did a major revision in 2013.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML