Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 2 subscribers
  • Views 1103 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

User Count When Front FW

Boris60
Hi,

I am considering using Sophos as front firewall in a 2 firewall config.

This will be a fairly standard implementation - lan devices behind the back firewall, dmz devices in between.

From a licensing point of view, the lan devices will have the back firewall as their default GW.

So by my reckoning, only DMZ devices and the back firewall will be counted as Users by the UTM (front FW)? - As well as any VPN connections etc.

Is this accurate?


This thread was automatically locked due to age.
  • 0
    Hi,

    yes this is right. 
    But I think this would be an license isue. 
    Maybe any other here could say more about that?

    Gerald
  • 0
    Hi, best to ask your reseller what the official policy is.

    Barry
  • 0 in reply to BarryG
    Hi,

    Thanks for responding. I had asked our local reseller but the answer wasn't very clear.
  • 0
    Did you use appliance or software version from utm?
  • 0 in reply to gfreiler
    Neither yet, still deciding the best way to go.

    But the question relates to the software version.

    The appliance doesn't have a user limit anymore - but I would far prefer to use the software version. Atom CPU makes me nervous given all the features that keep being added to the product.
  • 0
    Atom is not good (too slow) when using IPS. I use Atom at home and get about 80mbps throughput with only web filtering enabled and IPS disabled.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • 0
    Hi, Boris, and welcome to the User BB!

    If the Sophos is only a firewall (no proxies and no IPS), you likely can use the Essentials license which is free.  However, ...

    I would not have the second firewall do NAT.  In fact, I would not use a second firewall.  I would propose that you use only a Sophos.  It's very easy to create a DMZ/LAN separation that's just as secure as in your two-firewall scheme.

    Barry is right that NATting behind a UTM to avoid having the UTM see the real number of IPs behind it is a violation of the licensing agreement.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Cookie Information Banner