This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Forwarder to 3rd Party Firewall behind Sophos UTM

I'm using the Sophos UTM as the main firewall for my whole network (productive and lab).

Lately I came across several lab scenarios where I would need to have a separate firewall (because the issues are around firewall configuration). For outgoing connections this is not a problem and works fine having the 3rd party firewall's WAN on the UTMs lab interface.

Now my problem is the incoming stuff: I am having only one external IP address and I am using NAT and Webserver Protection on the UTM. Is it possible to forward everything that is coming to a certain address (e.g. zyxel.mydomain.net) to that 3rd party firewall and all other stuff like IP and other DNS names are handled as usual by the UTM?

Thanks

Christian

This thread was automatically locked due to age.

Parents

0 emmosophos over 4 years ago

Hello Christian,

Thank you for contacting the Sophos Community.

You could create additional DNAT rules to forward the traffic on specific ports to the 3rd party Firewall, as long as you don't use a port for traffic destined to your UTM real servers you should be fine, also in the DNAT you can always MAP the port to the port you want your Firewall to listen to.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 emmosophos over 4 years ago

Hello Christian,

Thank you for contacting the Sophos Community.

You could create additional DNAT rules to forward the traffic on specific ports to the 3rd party Firewall, as long as you don't use a port for traffic destined to your UTM real servers you should be fine, also in the DNAT you can always MAP the port to the port you want your Firewall to listen to.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Chregu Held over 4 years ago in reply to emmosophos

Hello Emmanuel

Thank you for your suggestion. But that would mean that I need to configure every single port [DNAT] on the Sophos UTM in order to use it on the 3rd party firewall. My goal is to tell the UTM to forward everything (sent to a certain DNS address) to that 3rd party firewall and that it can be configured there if it should be let in or not.

E.g. some cheap SoHo Routers can be configured to send everything to a machine behind it.

Do you think that is possible?
Cancel
Vote Up 0 Vote Down

Cancel