Hello everyone, on some sites I have several subnets (locally routed by a L3-switch). The sites are connected via a RED10 Currently I use the following config on my UTM shown in the attached scheme. This config has the following issues: [LIST=1] Only the "RED-subnet" benefits from auto-firewall rules Firewall rules for all other subnets have to be manually configured Network objects for the other remote networks have to be defined Static routes have to be configured [/LIST] Is there a better way to do this? One that might be less error prone. I thought about using /16 subnetting on the RED-Interface, but this would not solve the problem, that the UTM sees the subnet as a local interface routing-wise (via the RED interface) and therefore does not know anything about the L3-switch on the remote site as next hop Best regards

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RED with multiple subnets

Hello everyone,
on some sites I have several subnets (locally routed by a L3-switch). The sites are connected via a RED10
Currently I use the following config on my UTM shown in the attached scheme.
This config has the following issues:
[LIST=1]

Only the "RED-subnet" benefits from auto-firewall rules
Firewall rules for all other subnets have to be manually configured
Network objects for the other remote networks have to be defined
Static routes have to be configured

[/LIST]

Is there a better way to do this? One that might be less error prone.
I thought about using /16 subnetting on the RED-Interface, but this would not solve the problem, that the UTM sees the subnet as a local interface routing-wise (via the RED interface) and therefore does not know anything about the L3-switch on the remote site as next hop

Best regards

This thread was automatically locked due to age.

Parents

0 BAlfson over 10 years ago

I'm bit confused by your diagram, Chas. Is the RED in the same 10.x.0.0/24 subnet with other devices as your diagram implies? Is the "10.y.0.0/8" really a /8 and aren't you having routing problems because of that?

In any case, I think a 10.x.0.0/22 subnet for the RED would solve your issues as long as this doesn't overlap with another subnet on the UTM. I think the L3 switch will answer ARP requests for the other IPs behind it.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 10 years ago

I'm bit confused by your diagram, Chas. Is the RED in the same 10.x.0.0/24 subnet with other devices as your diagram implies? Is the "10.y.0.0/8" really a /8 and aren't you having routing problems because of that?

In any case, I think a 10.x.0.0/22 subnet for the RED would solve your issues as long as this doesn't overlap with another subnet on the UTM. I think the L3 switch will answer ARP requests for the other IPs behind it.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data

RED with multiple subnets

Submitted a Tech Support Case lately from the Support Portal?