Hi,
I have a question concerning the setup of a VDSL line on a HA cluster consisting of two SG230 UTM appliances.
Our current setup consists of said two SG230 running mainly web protection and ssl vpn.
Our VDSL line is connected to an AVM FritzBox which is acting as the default gateway for the SG230s.
We now wanted to get the FritzBox out of the picture and let the SG230 handle the PPPoE connection itself. Mainly for security reasons because right now, one only needs to type in the ip address of the FritzBox as their default gateway and since there doesn't seem to be a way to limit outgoing connection using firewall rules on AVM kit (it's basically SOHO equipment, after all) you're scot free to simply bypass the Sophos UTM.
The other reason is convenience: Right now we have to setup two separate port forwardings to make internal services accessible from the internet. Once on the FritzBox and then again on the UTM.
My problem is: Since we're basically using two SG230 units but have only one VDSL line, how can I go about connecting the VDSL modem to both UTMs at the same in order to stay connected to the internet in case of a HA failover? Apart from switching the VDSL modem to the then active WAN port?
Is this at all possible? Or would we need two physical VDSL lines and two VDSL modems to get this to work?
We're using a Draytek Vigor 130 VDSL modem, btw.
Thanks in advance,
Dominik
This thread was automatically locked due to age.
