I have 5 web servers in an AWS VPC. The Sophos and web servers are all located in the same public subnet. While I was first setting up the Sophos, I had an Elastic Network Interface (ENI) with single private and public IP. While testing connectivity, I set up a real and virtual web server and pointed the web server to the ENI primary public IP and tested connectivity with a browser which worked fine. The problem is that if I associate another AWS public IP to the ENI and use the 2nd public IP to test connectivity there is no connection.
My AWS ENI
10.0.0.5 / 54.208.x.22 (Sophos UTM primary private and public IPs)
10.0.0.6 / 54.209.x.33 (additional private and public IPs associated to the same ENI)
In Sophos Interfaces & Routing
The AWS ENI shows up on the Interfaces tab as eth0 (10.0.0.5) and is the default gateway and is active.
I have added the public IPs on the Additional Interfaces tab.
54.208.x.22 and 54.209.x.33 both on eth0 and are enabled.
Under WebServer Protection>WAF
I created a real web server and pointed it to one of my web servers (10.0.0.50) and is enabled.
I created a virtual web server and point it (interface eth01 10.0.0.5, port 80, domains box 10.0.0.50,54.208.x.22) to the AWS ENI primary private and public IPs – this worked fine. I was able to pull up the site in a browser.
To test connectivity to the 2nd public IP, I edited the virtual web server and pointed it (modified the domains box and deleted 54.208.x.22 and added the 2nd IP 54.209.x.33. so the domains box now looks like this:
10.0.0.50
54.209.x.33
I am not able to connect to the site now with a browser. I have also tried attaching a 2nd ENI to the Sophos instance with its own private and public IPs and updated the virtual web server with no luck.
Is there a trick to getting multiple AWS public IPs to work with the Sophos UTM?
This thread was automatically locked due to age.
