I am using the free UTM 9.1 and installed it on a 4 core amd pc with a 256GB SSD and 8 gigs of ram, it has 5 network cards in it. I am looking for the best suggestions how to configure the network I want an unsecured wireless guest network with its on DHCP scope , a DMZ for my own domain website as well as remote and mail servers , a full dhcp scope for my private uber secure network secured wireless netowrk with DHCP scope connected to my private LAN I can see the network cards under the interface list but since they are all the same I cant figure out which is which.. I am sure I can find a way I do have my own domain name and 5 static IP's from my ISP which will be used for my DMZ, I am assuming I can use 1 static IP to NAT to the guest network any suggestions or caveats to watch out for would be welcome, I am familiar with Cisco and Watchguard firewalls but not Sophos UTM Thanks in advance

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

need help planning a DMZ and guest network

I am using the free UTM 9.1 and installed it on a 4 core amd pc with a 256GB SSD and 8 gigs of ram, it has 5 network cards in it.
I am looking for the best suggestions how to configure the network

I want an unsecured wireless guest network with its on DHCP scope ,
a DMZ for my own domain website as well as remote and mail servers ,
a full dhcp scope for my private uber secure network
secured wireless netowrk with DHCP scope connected to my private LAN

I can see the network cards under the interface list but since they are all the same I cant figure out which is which.. I am sure I can find a way

I do have my own domain name and 5 static IP's from my ISP which will be used for my DMZ, I am assuming I can use 1 static IP to NAT to the guest network

any suggestions or caveats to watch out for would be welcome, I am familiar with Cisco and Watchguard firewalls but not Sophos UTM

Thanks in advance

This thread was automatically locked due to age.

Parents

0 William Warren over 10 years ago

100 megabits and 20 total users..it depends on how much activity you have. IN your case i would make a config backup..install vmware..present only two vcpus to the utm and tell vmware to send 90% of the total ghz to that one vm..then you won't ever have to worry about the QC performance issues when ips is deployed.

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Cancel
0 sheetzdw over 10 years ago in reply to William Warren

I can make this virtual , seems like a flaw in the product if I can give it too much processing power. This pc was perfect for a firewall project with 5 NICs and such speed.

Anyhow.. to the real point, once I virtualize this to prevent performance issues , do you any suggestions on how to break down the network and DMZ , can I use all 5 NICs? I would like LAN,WAN,Guest,DMZ, and LAN2 for redundancy on the LAN connection...
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 sheetzdw over 10 years ago in reply to William Warren

I can make this virtual , seems like a flaw in the product if I can give it too much processing power. This pc was perfect for a firewall project with 5 NICs and such speed.

Anyhow.. to the real point, once I virtualize this to prevent performance issues , do you any suggestions on how to break down the network and DMZ , can I use all 5 NICs? I would like LAN,WAN,Guest,DMZ, and LAN2 for redundancy on the LAN connection...
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 William Warren over 10 years ago in reply to sheetzdw

I can make this virtual , seems like a flaw in the product if I can give it too much processing power. This pc was perfect for a  firewall project with 5 NICs and such speed.

Anyhow.. to the real point, once I virtualize this to prevent performance issues , do you any suggestions on how to break  down the network and DMZ , can I use all 5 NICs? I would like LAN,WAN,Guest,DMZ, and LAN2 for redundancy on the LAN connection...

it's not a design flaw it's the nature of IPS.  Snort is single threaded which means it is powered by raw ghz..that's it.  Modern processors are designed for multi-threaded programs and are less reliant on raw ghz.  when you don't put enough load on the box modern cpu's won't ramp up the ghz...therefore ips doesn't process as fast and you effectively put a speed cap on your machine.  This is why I recommend for small deployments use either an atom(for anyone below 30 megabit wan) or a fast dual core machine like an i_3.  AMD i do NOT recommend due to their faulty internal design IMO. If you oversize the hardware then you are designing the load for the hardware and you won't get the performance you want...and you'll be one of the many folks who in the past have wondered...why won't this barn burner of a machine fill my WAN pipe?

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Cancel

need help planning a DMZ and guest network

Submitted a Tech Support Case lately from the Support Portal?