Cascading firewalls

Hi again,

I would like to extend my setup to increase security and add another UTM appliance as a border gateway doing the uplink stuff and VPN and have my current UTM only doing firewalling/routing/etc. for internal networks only.

I have a lot of rules depending on authenticated Active Directory users, which will fail after extending the setup because the inner UTM does not know anything about the users, because the VPN service which gets the users known to the UTM is on the border firewall.

How can I get this to work together?


Best regards

Frederich


This thread was automatically locked due to age.
  • If both devices can be managed by the same people, then I don't understand how there's additional security - I only see additional complexity as you explained above.

    With two layers, you have to create routes, maybe NAT and firewall rules.  Without a network diagram complete with servers, IPs, etc., it's hard to be specific.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA