Hello,
I am attempting to replicate my fully working existing pfsense firewall with a UTM9 system. I am using ESX5.5 and passing a lag (with 2 interfaces) through trunking several VLANs including my Internet connection and local LANs. This has been working very well with pfsense for a year but with much encouragement from a friend I'm trying the UTM. I'm close, but not quite.
Support pics: https://www.dropbox.com/sh/zftlw6qj0hjkz2g/AACc3bJZcc8Oamo6rEzGsS3_a?dl=0#/
Note: Attaching them in groups of 5 in following posts also.. #security
Basically I have the following:
eth0, eth1 aggregated into lag0
eth2 Guest Network (physical interface) - DHCP enabled
eth3 Management (physical OOB management network interface) - DHCP enabled
lag0 Trunk which carries the following vlans:
VLAN10-Shed1 - DHCP Enabled
VLAN5-Home - DHCP Enabled
VLAN666-NBN - Set to Dynamic IP and IPv4 Default GW
The internet connection is brought to the UTM via VLAN666, it is assigned via DHCP a single IP address and is set to be the Default Gateway
VLAN 5 and 10 as well as Guest are just separate networks for isolating different devices on separate subnets assigned with varying DHCP settings.
Everything seems great, all the interfaces come up including VLAN666 which is assigned my IP address from the ISP (I have NBN in Australia) and the default gateway shown (Please note I removed the last 2 octets for privacy on the images, they are there and correct).
The only problem is I have no internet connectivity. I've tried all sorts of rules and playing with routes (which I know shouldn't need to be done). The rules shown in the pic are from the default of a UTM setup with the wizard and simply should work.
Fault finding:
You can see the firewall live log shows it's functioning wanting to pass the correct traffic (DNS and web)
A ping check of the gateway fails with the support tool which is odd; something to note though, when checking the 'Ping over Interface' dropdown there's the choice of Use Closest Route, Guest, Management and Trunk only. Interesting, no VLAN interfaces. Could this be the issue?
At this stage after quite a bit of experimentation I'm not certain that this isn't a bug of some sort. Routing my internet traffic via a default gateway on a trunked vlan interface.
Now, I know this works.. I do it now with pfsense and I can turn off the UTM interfaces and power up pfsense and away it goes perfectly. I'm close with UTM, but if anyone could help I'd much appreciate it.
I _could_ bring out VLAN 666 on a single port from the switch to a single physical interface on the ESX host and pass it through as a single interface to UTM, but given pfsense works fine with the inbound vlan/gateway I would have expected UTM to do at least the same no?
Regards..
PP
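An added sanity check for the situation described in the post (default gateway learned by DHCP on a tagged sub-interface of a LAG), written as an example here and not taken from the poster, pfSense or Sophos UTM. It parses Linux-style `ip -d link show` and `ip route show` text and verifies that the default route's device is a VLAN child of the trunk, that the trunk has member ports, and that the gateway address is actually on-link for that device (a gateway outside the connected subnet is one common reason a gateway ping fails while the interface itself looks fine). The interface names (`lag0`, `lag0.666`), addresses and the sample output are all constructed; a real UTM may name its VLAN interfaces differently.

```python
import ipaddress
import re

# Constructed sample of `ip -d link show` output; names and MACs are invented.
SAMPLE_LINKS = """\
2: eth0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master lag0 state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff promiscuity 0
    bond_slave state ACTIVE mii_status UP
3: eth1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master lag0 state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff promiscuity 0
    bond_slave state ACTIVE mii_status UP
6: lag0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff promiscuity 0
    bond mode 802.3ad miimon 100
7: lag0.5@lag0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff promiscuity 0
    vlan protocol 802.1Q id 5 <REORDER_HDR>
8: lag0.666@lag0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff promiscuity 0
    vlan protocol 802.1Q id 666 <REORDER_HDR>
"""

# Constructed `ip route show` output: a consistent table, and one where DHCP
# handed out a gateway that is not on the connected /24 of the VLAN interface.
SAMPLE_ROUTES_OK = """\
default via 203.0.113.1 dev lag0.666 proto dhcp metric 100
10.5.0.0/24 dev lag0.5 proto kernel scope link src 10.5.0.1
203.0.113.0/24 dev lag0.666 proto kernel scope link src 203.0.113.57
"""
SAMPLE_ROUTES_BAD = """\
default via 198.51.100.1 dev lag0.666 proto dhcp metric 100
10.5.0.0/24 dev lag0.5 proto kernel scope link src 10.5.0.1
203.0.113.0/24 dev lag0.666 proto kernel scope link src 203.0.113.57
"""

LINK_HDR = re.compile(r"^\d+:\s+(?P<name>[^:@\s]+)(?:@(?P<parent>\S+))?:\s+<(?P<flags>[^>]*)>")
VLAN_ID = re.compile(r"vlan protocol 802\.1Q id (?P<id>\d+)")
BOND_MASTER = re.compile(r"\bmaster (?P<master>\S+)")


def parse_links(text):
    """Return {name: {parent, vlan_id, up, master, bond}} from `ip -d link show` text."""
    links, current = {}, None
    for line in text.splitlines():
        m = LINK_HDR.match(line)
        if m:
            current = m.group("name")
            links[current] = {"parent": m.group("parent"), "vlan_id": None,
                              "up": "UP" in m.group("flags").split(","),
                              "master": None, "bond": False}
            mm = BOND_MASTER.search(line)
            if mm:
                links[current]["master"] = mm.group("master")
            continue
        if current is None:
            continue
        v = VLAN_ID.search(line)
        if v:
            links[current]["vlan_id"] = int(v.group("id"))
        if line.strip().startswith("bond mode"):
            links[current]["bond"] = True
    return links


def parse_routes(text):
    """Return a list of {dst, via, dev, src} dicts from `ip route show` text."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        r = {"dst": tok[0], "via": None, "dev": None, "src": None}
        for key in ("via", "dev", "src"):
            if key in tok:
                r[key] = tok[tok.index(key) + 1]
        routes.append(r)
    return routes


def check_default_gateway(routes, links, trunk="lag0"):
    """Return a list of findings; an empty list means the default route looks consistent."""
    findings = []
    default = [r for r in routes if r["dst"] == "default"]
    if not default:
        return ["no default route installed"]
    dev, gw = default[0]["dev"], default[0]["via"]
    link = links.get(dev)
    if link is None:
        return [f"default route device {dev} not present in link table"]
    if not link["up"]:
        findings.append(f"{dev} is administratively down")
    if link["vlan_id"] is None or link["parent"] != trunk:
        findings.append(f"{dev} is not a VLAN sub-interface of {trunk}")
    # The gateway must lie inside a connected (no 'via') prefix on the same device.
    onlink = [r for r in routes if r["dev"] == dev and r["via"] is None and r["dst"] != "default"]
    if gw is None:
        findings.append("default route has no gateway address")
    elif not any(ipaddress.ip_address(gw) in ipaddress.ip_network(r["dst"], strict=False)
                 for r in onlink):
        findings.append(f"gateway {gw} is not on any connected subnet of {dev}")
    if not any(l["master"] == trunk for l in links.values()):
        findings.append(f"{trunk} has no member interfaces")
    return findings


if __name__ == "__main__":
    links = parse_links(SAMPLE_LINKS)
    print("ok table:", check_default_gateway(parse_routes(SAMPLE_ROUTES_OK), links))
    print("bad table:", check_default_gateway(parse_routes(SAMPLE_ROUTES_BAD), links))
```

On a live system the two strings would come from `ip -d link show` and `ip route show`; the checks are deliberately read-only, so they can be run from a support shell without touching the routing table.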