UTM and additional network

Hi

I have an MPLS WAN network with 15 offices and a central internet connection at head office; all 14 other sites route into head office for their internet. We have two Sophos UTMs in HA.

We use SIP trunking via our telecoms provider but recently we installed (at their recommendation) a small EFM broadband connection designed for our SIP traffic only. This is independent of our MPLS network.

This service has a Draytek Vigor 2860 for firewall/router but is connected directly to our LAN so the telephone system can reach it to send/receive SIP traffic.

I told the service provider that I felt it was pointless having two Sophos UTMs if we simply patch the Vigor onto our LAN. They told me that the Vigor is a gen2 firewall with only their office IP having access and every port closed other than those for SIP.

I said that we should use an in/out on the Sophos UTM so the Vigor connects via the UTM and then onto the LAN via the UTM.

What should we do?

Any help appreciated!



  • Hi Liam and welcome to the UTM Community!

    This is a difficult question.  Clearly, the VoIP provider is nervous about using anything other than the box they understand.  If they can provide proof that their VoIP equipment is secure and cannot be hacked, you're probably OK.

    I agree with you that it seems simple enough to let the UTM control this traffic.  I bet it's more complicated than just SIP, but that the sales staff and technicians don't know how the Draytek is configured.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA