
RED with multiple subnets

Hello everyone,
on some sites I have several subnets (locally routed by an L3-switch). The sites are connected via a RED10.
Currently I use the following config on my UTM, shown in the attached scheme.
This config has the following issues:
1. Only the "RED-subnet" benefits from auto-firewall rules
2. Firewall rules for all other subnets have to be manually configured
3. Network objects for the other remote networks have to be defined
4. Static routes have to be configured

Is there a better way to do this? One that might be less error-prone.
I thought about using /16 subnetting on the RED interface, but this would not solve the problem that the UTM sees the subnet as a local interface routing-wise (via the RED interface) and therefore does not know anything about the L3-switch on the remote site as the next hop.

Best regards


I'm a bit confused by your diagram, Chas. Is the RED in the same 10.x.0.0/24 subnet with other devices as your diagram implies? Is the "10.y.0.0/8" really a /8, and aren't you having routing problems because of that?

In any case, I think a 10.x.0.0/22 subnet for the RED would solve your issues as long as this doesn't overlap with another subnet on the UTM. I think the L3 switch will answer ARP requests for the other IPs behind it.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005
MediaSoft, Inc. USA
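Bob's suggestion (one larger prefix on the RED interface, with the L3 switch answering ARP for the hosts behind it) and his caveat (it must not overlap with any other subnet on the UTM) can be checked before touching the UTM. The script below is an added example, not code from the thread or from Sophos: it computes the smallest single prefix that covers all subnets at the remote site, reports which UTM-side networks that prefix would collide with, and, for comparison, lists the static routes the poster's current approach needs. All addresses are constructed placeholders (10.1.x.x for the UTM side, 10.9.x.x for the remote site, 10.9.0.1 as the L3 switch), not the poster's real addressing.

```python
import ipaddress

# Constructed sample topology (placeholder prefixes, not the poster's real site).
UTM_LOCAL_NETS = ["10.1.0.0/24", "10.1.1.0/24"]          # networks directly on the UTM
REMOTE_SITE_NETS = [
    "10.9.0.0/24",   # the "RED-subnet": the UTM's RED interface lives here
    "10.9.1.0/24",   # routed locally by the L3 switch behind the RED
    "10.9.2.0/24",
]
L3_SWITCH_IP = "10.9.0.1"   # assumed address of the remote L3 switch in the RED subnet


def _nets(cidrs):
    """Parse a list of CIDR strings into ip_network objects (strict: host bits must be zero)."""
    return [ipaddress.ip_network(c) for c in cidrs]


def covering_supernet(cidrs):
    """Smallest single prefix that contains every network in `cidrs`.

    Starts from the first network and widens it one bit at a time until all
    the others fit; this is the prefix you would put on the RED interface
    instead of configuring one static route per remote subnet.
    """
    nets = _nets(cidrs)
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return str(candidate)


def conflicts(cidr, local_cidrs):
    """UTM-side networks that overlap `cidr`; any hit means the prefix is unusable as-is."""
    cand = ipaddress.ip_network(cidr)
    return [str(n) for n in _nets(local_cidrs) if n.overlaps(cand)]


def plan_red_prefix(remote_cidrs, local_cidrs):
    """Return (prefix for the RED interface, list of UTM networks it collides with)."""
    prefix = covering_supernet(remote_cidrs)
    return prefix, conflicts(prefix, local_cidrs)


def static_routes(red_cidr, remote_cidrs, l3_switch_ip):
    """The manual alternative the poster uses today: one (destination, next hop) pair
    per remote subnet that is not the RED subnet itself, all via the L3 switch."""
    red = ipaddress.ip_network(red_cidr)
    hop = ipaddress.ip_address(l3_switch_ip)
    if hop not in red:
        raise ValueError(f"next hop {hop} is not inside the RED subnet {red}")
    return [(str(n), str(hop)) for n in _nets(remote_cidrs) if n != red]


if __name__ == "__main__":
    prefix, clashes = plan_red_prefix(REMOTE_SITE_NETS, UTM_LOCAL_NETS)
    print(f"RED interface prefix covering the remote site: {prefix}")
    print("overlaps with UTM networks:", clashes or "none")
    print("static routes needed with the per-subnet approach instead:")
    for dst, hop in static_routes("10.9.0.0/24", REMOTE_SITE_NETS, L3_SWITCH_IP):
        print(f"  {dst} via {hop}")
```

Two things the output makes visible: the covering prefix can be larger than the sum of the real remote subnets (here 10.9.0.0/22 also swallows 10.9.3.0/24, which the UTM will then treat as directly connected via the RED), and a very wide local network such as a real /8 on the UTM side overlaps every candidate, which is the routing problem Bob is asking about.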