This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

User Count When Front FW

Hi,

I am considering using Sophos as front firewall in a 2 firewall config.

This will be a fairly standard implementation - lan devices behind the back firewall, dmz devices in between.

From a licensing point of view, the lan devices will have the back firewall as their default GW.

So by my reckoning, only DMZ devices and the back firewall will be counted as Users by the UTM (front FW)? - As well as any VPN connections etc.

Is this accurate?

This thread was automatically locked due to age.

0 gfreiler over 11 years ago

Hi,

yes this is right.
But I think this would be an license isue.
Maybe any other here could say more about that?

Gerald
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 11 years ago

Hi, best to ask your reseller what the official policy is.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 Boris60 over 11 years ago in reply to BarryG

Hi,

Thanks for responding. I had asked our local reseller but the answer wasn't very clear.
Cancel
Vote Up 0 Vote Down

Cancel
0 gfreiler over 11 years ago

Did you use appliance or software version from utm?
Cancel
Vote Up 0 Vote Down

Cancel
0 Boris60 over 11 years ago in reply to gfreiler

Neither yet, still deciding the best way to go.

But the question relates to the software version.

The appliance doesn't have a user limit anymore - but I would far prefer to use the software version. Atom CPU makes me nervous given all the features that keep being added to the product.
Cancel
Vote Up 0 Vote Down

Cancel
0 apijnappels over 11 years ago

Atom is not good (too slow) when using IPS. I use Atom at home and get about 80mbps throughput with only web filtering enabled and IPS disabled.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 11 years ago

Hi, Boris, and welcome to the User BB!

If the Sophos is only a firewall (no proxies and no IPS), you likely can use the Essentials license which is free. However, ...

I would not have the second firewall do NAT. In fact, I would not use a second firewall. I would propose that you use only a Sophos. It's very easy to create a DMZ/LAN separation that's just as secure as in your two-firewall scheme.

Barry is right that NATting behind a UTM to avoid having the UTM see the real number of IPs behind it is a violation of the licensing agreement.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel