Cascading firewalls

Hi again,

I would like to extend my setup to increase security and add another UTM appliance as a border gateway doing the uplink stuff and VPN, and have my current UTM only doing firewalling/routing/etc. for internal networks.

I have a lot of rules depending on authenticated Active Directory users which will fail after extending the setup, because the inner UTM does not know anything about the users: the VPN service which makes the users known to the UTM is on the border firewall.

How can I get this to work together?


Best regards

Frederich


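The following is an added example, not part of the thread and not Sophos code: a small Python model of the situation described in the question. Two firewalls sit in series; the outer one terminates the VPN and therefore learns which user owns which VPN address, while the inner one holds the user-based rules but has no such bindings. The model shows the user rule on the inner box never matching, lists which rules are at risk, and shows the same traffic passing once the inner box is given the user-to-IP bindings. All names, addresses and rules are constructed for the example.

```python
"""Identity-based rules across two cascaded firewalls (constructed model, not UTM code)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Rule:
    name: str
    src_net: str
    dst_net: str
    user: Optional[str] = None      # None: plain network rule; otherwise the AD user required
    action: str = "allow"

    def matches(self, src_ip: str, dst_ip: str, user: Optional[str]) -> bool:
        in_nets = (ip_address(src_ip) in ip_network(self.src_net)
                   and ip_address(dst_ip) in ip_network(self.dst_net))
        return in_nets and (self.user is None or self.user == user)


@dataclass
class Firewall:
    name: str
    rules: list
    # IP -> username bindings this box learned itself (e.g. from VPN logins). The inner
    # box in the thread learns none, because the VPN terminates on the outer box.
    user_sessions: dict = field(default_factory=dict)

    def evaluate(self, src_ip: str, dst_ip: str):
        user = self.user_sessions.get(src_ip)
        for rule in self.rules:
            if rule.matches(src_ip, dst_ip, user):
                return rule.action, rule.name
        return "drop", "default-drop"


def cascade(path, src_ip, dst_ip):
    """Traffic is forwarded only if every firewall on the path allows it, in order."""
    decisions = []
    for fw in path:
        action, rule = fw.evaluate(src_ip, dst_ip)
        decisions.append((fw.name, action, rule))
        if action != "allow":
            return False, decisions
    return True, decisions


def identity_rules_without_source(fw):
    """Rules that depend on a user but sit on a box that has no user bindings at all."""
    if fw.user_sessions:
        return []
    return [r.name for r in fw.rules if r.user is not None]


# Constructed topology: VPN pool 10.242.2.0/24, LAN 10.0.0.0/24, file server 10.0.0.20
VPN_POOL, LAN, FILESERVER = "10.242.2.0/24", "10.0.0.0/24", "10.0.0.20/32"


def build_outer():
    outer = Firewall("border-utm", [Rule("vpn-to-lan", VPN_POOL, LAN)])
    outer.user_sessions["10.242.2.10"] = "frederich"   # learned from the VPN login
    return outer


def build_inner(share_sessions: bool):
    inner = Firewall("internal-utm",
                     [Rule("ad-users-to-fileserver", VPN_POOL, FILESERVER, user="frederich")])
    if share_sessions:
        # Assumption: the outer box's user bindings are replicated to the inner box.
        inner.user_sessions = dict(build_outer().user_sessions)
    return inner


def demo(share_sessions: bool):
    """Run one VPN user's packet to the file server through both boxes."""
    return cascade([build_outer(), build_inner(share_sessions)], "10.242.2.10", "10.0.0.20")


if __name__ == "__main__":
    print("without shared identity:", demo(False))
    print("with shared identity:   ", demo(True))
    print("rules at risk on inner box:", identity_rules_without_source(build_inner(False)))
```

The point the model makes is that a user-based rule is only as good as the user-to-address binding available at the box enforcing it; whichever device holds the rule must receive that binding, otherwise the rule silently falls through to the default drop.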
  • Frederich, I don't think you will have better security by adding a layer outside your current UTM.

    If you have budget for an additional unit, why not consider a Hot-Standby (Active-Passive) configuration?  This requires no additional licensing.

    What version are you using now - 9.306?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Well, this really adds another layer of security.
    And we already have an HA setup. But this was not my question.

    We use the latest version.

    Does someone have any suggestion?
  • If both devices can be managed by the same people, then I don't understand how there's additional security - I only see additional complexity as you explained above.

    With two layers, you have to create routes, maybe NAT and firewall rules.  Without a network diagram complete with servers, IPs, etc., it's hard to be specific.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • If you were to use two different products, using different vendors' scans, it would increase security.  Having the same product doing the same scans against the same rules/databases twice increases complexity and latency with no benefit.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1