Hi there,
I need to do the following with three prerequisites:
- 2 Sophos in HA (currently Active-Passive, but in the next weeks I go clustering)
- BGP Session with own public ASN and peering with two upstream carriers, I will get three transfer networks for routing with their routers
- Announcement of a /23 and a /24 subnet as well as several IPv6 Subnet
I want to achieve to have several interfaces on the UTM with private internal subnets with masquerading AND to have several interfaces on the UTM where I can use my public IPs, e.g. DMZ using with VMware NSX Edge Gateways, etc.
On the "DMZ" interfaces I do not want to use Web Protection Firewalls, etc.
I hopefully get my BGP sessions this week and wonder how to achieve the scenario.
My idea:
Setup two interfaces using the transfer networks in order to announce the external subnets.
Creating one external interface, e.g. a /29 subnet of my /24 to use as external interface as uplink for my internal masquerading interface.
But how to setup the DMZ network? I read something in the community to create a second interface with one of my public ips as interface address. But I want something like interface static routing in order to use the whole subnet on some ports.
Thank you and regards!
itger19
This thread was automatically locked due to age.
