This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

User Count When Front FW

Hi,

I am considering using Sophos as front firewall in a 2 firewall config.

This will be a fairly standard implementation - lan devices behind the back firewall, dmz devices in between.

From a licensing point of view, the lan devices will have the back firewall as their default GW.

So by my reckoning, only DMZ devices and the back firewall will be counted as Users by the UTM (front FW)? - As well as any VPN connections etc.

Is this accurate?

This thread was automatically locked due to age.

Parents

0 BAlfson over 11 years ago

Hi, Boris, and welcome to the User BB!

If the Sophos is only a firewall (no proxies and no IPS), you likely can use the Essentials license which is free. However, ...

I would not have the second firewall do NAT. In fact, I would not use a second firewall. I would propose that you use only a Sophos. It's very easy to create a DMZ/LAN separation that's just as secure as in your two-firewall scheme.

Barry is right that NATting behind a UTM to avoid having the UTM see the real number of IPs behind it is a violation of the licensing agreement.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 11 years ago

Hi, Boris, and welcome to the User BB!

If the Sophos is only a firewall (no proxies and no IPS), you likely can use the Essentials license which is free. However, ...

I would not have the second firewall do NAT. In fact, I would not use a second firewall. I would propose that you use only a Sophos. It's very easy to create a DMZ/LAN separation that's just as secure as in your two-firewall scheme.

Barry is right that NATting behind a UTM to avoid having the UTM see the real number of IPs behind it is a violation of the licensing agreement.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data