
Forwarder to 3rd Party Firewall behind Sophos UTM

Hi

I'm using the Sophos UTM as the main firewall for my whole network (productive and lab).

Lately I came across several lab scenarios where I would need to have a separate firewall (because the issues are around firewall configuration). For outgoing connections this is not a problem and works fine having the 3rd party firewall's WAN on the UTM's lab interface.

Now my problem is the incoming stuff: I am having only one external IP address and I am using NAT and Webserver Protection on the UTM. Is it possible to forward everything that is coming to a certain address (e.g. zyxel.mydomain.net) to that 3rd party firewall and all other stuff like IP and other DNS names are handled as usual by the UTM?

 

Thanks

Christian

  • Hello Christian,

    Thank you for contacting the Sophos Community.

    You could create additional DNAT rules to forward the traffic on specific ports to the 3rd party firewall. As long as you don't use a port for traffic destined to your UTM real servers, you should be fine; also, in the DNAT you can always map the port to the port you want your firewall to listen on.

    Regards,


    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hello Emmanuel

     

    Thank you for your suggestion. But that would mean that I need to configure every single port [DNAT] on the Sophos UTM in order to use it on the 3rd party firewall. My goal is to tell the UTM to forward everything (sent to a certain DNS address) to that 3rd party firewall and that it can be configured there if it should be let in or not.

    E.g. some cheap SoHo Routers can be configured to send everything to a machine behind it.

     

    Do you think that is possible?

  • Hallo Christian and welcome back to the UTM Community!

    The only time an FQDN is visible is when someone sends an HTTP/S query to the external IP.  In that case, you can use Webserver Protection to send inbound traffic to your lab firewall.  Otherwise you can only achieve what you want with an Additional Address on the External interface.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
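The two answers above hinge on one fact: a plain DNAT rule only ever sees the destination IP and port, so "forward everything sent to zyxel.mydomain.net" is only possible where the client actually puts that name on the wire, i.e. in the HTTP Host header or the TLS SNI extension that Webserver Protection (a reverse proxy) inspects. The following added example, which is not part of the thread or of any Sophos product, makes that concrete: it looks at the first bytes of an inbound connection, pulls out the requested hostname if there is one, and decides whether a name-based route to the lab firewall can apply. The backend names (`lab-firewall`, `utm`) and the sample requests are constructed for illustration; `build_client_hello` builds a minimal TLS ClientHello so the script runs offline.

```python
"""Why name-based forwarding only works for HTTP/S (added example, not Sophos code)."""
import struct
from typing import Dict, Optional


def build_client_hello(hostname: str) -> bytes:
    """Construct a minimal TLS 1.2-style ClientHello carrying a server_name (SNI) extension.
    Used only to produce a realistic sample input; not a full TLS implementation."""
    name = hostname.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name     # name_type 0 = host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", 0, len(sni_list)) + sni_list          # extension type 0 = server_name
    exts = struct.pack("!H", len(ext)) + ext
    body = (b"\x03\x03" + b"\x00" * 32        # client_version, random (zeroed: sample only)
            + b"\x00"                          # session_id length 0
            + struct.pack("!H", 2) + b"\x13\x01"  # one cipher suite
            + b"\x01\x00"                      # one compression method (null)
            + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body      # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def tls_sni(data: bytes) -> Optional[str]:
    """Return the SNI hostname from a TLS ClientHello record, or None if absent/not TLS."""
    try:
        if data[0] != 0x16:                     # not a TLS handshake record
            return None
        rec_len = struct.unpack("!H", data[3:5])[0]
        hs = data[5:5 + rec_len]
        if hs[0] != 0x01:                       # not a ClientHello
            return None
        p = 4 + 2 + 32                          # skip type+length, version, random
        p += 1 + hs[p]                          # session id
        p += 2 + struct.unpack("!H", hs[p:p + 2])[0]   # cipher suites
        p += 1 + hs[p]                          # compression methods
        ext_end = p + 2 + struct.unpack("!H", hs[p:p + 2])[0]
        p += 2
        while p + 4 <= ext_end:
            etype, elen = struct.unpack("!HH", hs[p:p + 4])
            p += 4
            if etype == 0:                      # server_name: list_len(2) name_type(1) name_len(2) name
                name_len = struct.unpack("!H", hs[p + 3:p + 5])[0]
                return hs[p + 5:p + 5 + name_len].decode("ascii").lower()
            p += elen
        return None
    except (IndexError, struct.error, UnicodeDecodeError):
        return None                             # truncated or malformed: treat as "no name"


def http_host(data: bytes) -> Optional[str]:
    """Return the Host header of a plaintext HTTP/1.x request, or None."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return None
    head = text.partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    for line in lines[1:]:
        key, _, value = line.partition(":")
        if key.strip().lower() == "host":
            return value.strip().split(":")[0].lower()   # drop an explicit :port
    return None


def requested_name(first_bytes: bytes) -> Optional[str]:
    """Hostname the client asked for, if the protocol carries one at all."""
    return tls_sni(first_bytes) or http_host(first_bytes)


def route(first_bytes: bytes, name_routes: Dict[str, str], default: str = "utm") -> str:
    """Pick a backend by requested name; fall back to the default when only IP/port is known."""
    name = requested_name(first_bytes)
    if name is None:
        return default          # e.g. SSH, RDP, VPN: a DNAT rule can only match on port here
    return name_routes.get(name, default)


# Constructed samples: hostnames and backends are placeholders from the thread's example.
ROUTES = {"zyxel.mydomain.net": "lab-firewall"}
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: zyxel.mydomain.net\r\n\r\n"
SAMPLE_TLS = build_client_hello("zyxel.mydomain.net")
SAMPLE_SSH = b"SSH-2.0-OpenSSH_9.0\r\n"

if __name__ == "__main__":
    for label, sample in (("http", SAMPLE_HTTP), ("tls", SAMPLE_TLS), ("ssh", SAMPLE_SSH)):
        print(f"{label:5} name={requested_name(sample)!r:25} -> {route(sample, ROUTES)}")
```

The SSH case is the one that matters for the original question: the banner carries no hostname, so no reverse proxy or "forward by FQDN" rule can tell traffic for zyxel.mydomain.net apart from traffic for any other name on the same IP. That is exactly why the remaining options are port-based DNAT (Emmanuel's answer) or a second public address on the external interface (Bob's answer).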