Hello,
We have deployed a test Sophos UTM v9 in Amazon AWS (micro instance for testing).
All good; Sophos in a public subnet with an associated elastic IP address. Got some servers behind it (we have a VPC, Sophos connected to a public subnet, VPC servers to a private subnet); Amazon Sophos is connected to our corporate Astaro with an IPsec s2s. Our datacenter servers can connect with the VPC servers and vice versa over the s2s tunnel.
With the associated elastic IP we can successfully DNAT and access from the Internet the VPC servers behind Sophos.
I added a secondary "public" IP address to the Sophos instance and "bound" it to another elastic IP address in order to do a full DNAT to a VPC server.
But I cannot assign the "public" IP address to Sophos UTM; when I try to add the additional IP within GUI, it says "The cable modem interface object 'Internal' is write protected."
This is pretty much a show killer as limits very much the Sophos usability in this scenario (unless we add extra interfaces, but this overcomplicates things).
Is this a micro instance limitation or a Sophos limitation ?
Thanks,
Adrian
This thread was automatically locked due to age.
