UTM 9.3 would not work with my production network

Good day folks, I have this challenge trying to integrate the UTM 9.3 trial version, at least for the 30 days, for testing purposes. I finished installation on a VM; the plan is to test on my production network, which has a Cisco managed switch. The switch is configured with DHCP on three VLANs. The switch connects to a Cisco router as its default gateway. However, this time I want to replace the router with a UTM 9.3 appliance. I configured the basic settings on the appliance, including the default gateway of the router, now on the appliance. I plugged the appliance into the network hoping for the best, but unfortunately my internal network cannot access the internet. I thought that being on a VM could be the problem, hence I installed on a physical box, but I got the same result. I tried all troubleshooting procedures, yet to no avail. I even tried bridge mode, same thing. How do I get this to work without altering my existing network configuration? Thank you

  • My best guess is that masquerading was missing and VLAN interfaces were not set up. Since I have not heard back, I can only guess.

    ---

    Sophos UTM 9.3 Certified Engineer

  • Hello Ben, a few questions to ask. I have created the VLANs. Do I bind the VLANs to eth0 (internal) or eth1 (external)? Also, do I create a masquerading rule for each VLAN or leave it at the default "internal network - external network"? I notice that the internal interface can browse but not the VLANs. Also, I can ping from my managed switch to Sophos and back from Sophos, but when I try from clients on the network to ping the default gateway (Sophos), I don't get a reply. Wondering!!!
  • There are several misunderstandings here related to terminology. "Internal" and "External" refer to interfaces defined in WebAdmin. The two NICs you're using are eth0 and eth1. If the VLAN switch is connected to eth0, then the VLAN interfaces should be defined on eth0. Note that VLAN 1 is reserved in WebAdmin, so don't use that.

    The default Masq rule created by the installation wizard was 'Internal (Network) -> External'. You need such a rule for every network defined on a LAN interface, including the "(Network)" object for each of the VLANs.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Appreciate your assistance! I have carried out all that you suggested I do. However, while the inter-VLAN switch and the firewall appliance have no problem communicating, local clients cannot ping the firewall appliance, and as such they still can't browse the internet. Something I have done wrong?
  • Pinging from inside the LAN is regulated on the 'ICMP' tab of Firewall. Pinging between networks (LAN & VLANs) requires specific firewall Allow rules.

    If the clients are trying to browse the Internet, you will need to add the appropriate "(Network)" objects to 'Allowed Networks' in Web Filtering or add those objects to the firewall rule created by the installation Wizard: 'Internal (Network) -> Web Surfing -> Internet : Allow'.

    If you're still not getting out, check the Web Filtering log as well as those logs listed in #1 in Rulz - community.sophos.com/.../22065

    Cheers - Bob
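Bob's two answers above amount to a coverage rule: every LAN "(Network)" object, the VLAN ones included, needs both a masq rule to External and a web-surfing Allow rule (or an entry in Web Filtering's Allowed Networks). The following is an added example, not Sophos code or part of this thread, that models those rules as plain data and reports which client networks the wizard defaults leave cut off; the interface names, VLAN IDs and subnets are constructed assumptions.

```python
"""Model of the UTM masq and firewall rules discussed in this thread (added
example). It checks which LAN network objects are missing a rule, which is
exactly the gap that left the VLAN clients unable to browse."""
import ipaddress

# Constructed lab layout: VLAN sub-interfaces are bound to eth0 (the LAN side)
# and eth1 is External. VLAN 1 is reserved in WebAdmin, so 10/20/30 are assumed.
NETWORKS = {
    "Internal (Network)": "192.168.1.0/24",
    "VLAN10 (Network)": "10.10.0.0/24",
    "VLAN20 (Network)": "10.20.0.0/24",
    "VLAN30 (Network)": "10.30.0.0/24",
}

# Rules as the installation wizard leaves them: only Internal is covered.
WIZARD_MASQ = [("Internal (Network)", "External")]
WIZARD_ALLOW = [("Internal (Network)", "Web Surfing", "Internet")]


def source_networks(rules):
    """Collapse a rule list into the set of source network objects it covers."""
    return {rule[0] for rule in rules}


def uncovered_lan_networks(networks, masq_rules, allow_rules):
    """Return {network object: [missing rule kinds]} for every LAN network that
    lacks a masq rule or a web-surfing Allow rule; both are needed to browse."""
    masq_src = source_networks(masq_rules)
    allow_src = source_networks(allow_rules)
    gaps = {}
    for name in networks:
        missing = [kind for kind, src in (("masq", masq_src), ("allow", allow_src))
                   if name not in src]
        if missing:
            gaps[name] = missing
    return gaps


def client_can_browse(client_ip, networks, masq_rules, allow_rules):
    """Decide for one client address whether its network object is fully covered."""
    ip = ipaddress.ip_address(client_ip)
    gaps = uncovered_lan_networks(networks, masq_rules, allow_rules)
    for name, cidr in networks.items():
        if ip in ipaddress.ip_network(cidr):
            return name not in gaps
    return False  # address belongs to no defined LAN network object at all


def rules_for_every_lan_network(networks):
    """Bob's fix: one masq rule and one web-surfing Allow rule per LAN network."""
    masq = [(name, "External") for name in networks]
    allow = [(name, "Web Surfing", "Internet") for name in networks]
    return masq, allow
```

Run `uncovered_lan_networks(NETWORKS, WIZARD_MASQ, WIZARD_ALLOW)` to see the three VLAN objects flagged for both rule kinds, then feed the output of `rules_for_every_lan_network(NETWORKS)` back in to confirm the gaps close.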
  • Alright, now if I want to set Sophos to bridge mode and still be able to filter traffic, how do I go about that? You know I have a Cisco router and a Cisco layer 3 switch on my network. Currently the switch sees the router as its default gateway. When I put Sophos in between the router and switch and bridge both interfaces "eth0 and eth1", should the IP address be in the same subnet as the router and switch? Or no IP address at all, or is there something else I should do? Thank you.

  • Aha! Bridge mode. Now I read your opening post differently. What is it that you want to test, and what do you expect to use the UTM for if your tests are successful? Do you intend to replace the Cisco with it?

    Cheers - Bob
  • I have exhausted all options to make it work, but still no way. What I wanted to do was replace the Cisco router with Sophos, so that traffic moves from the Cisco layer 3 switch to Sophos, with Sophos being the gateway to the internet. So I felt that since that did not work for me, let me try bridge mode. I am actually running Sophos as a VM on Hyper-V. Anything wrong with that? Sorry for the different post caption.

  • If you don't have a competent reseller, contact Sophos sales. They will have a pre-sales engineer that can get you on the right track to replacing the Cisco with a UTM in a VM. It's going to take someone looking at what you have, as we've run out of guesses here.

    Cheers - Bob