Quick Question about Network Block

Should be an easy answer. I just want to confirm that I am doing this right, as I've started a new UTM from scratch and couldn't transfer over my definitions due to a hardware change.

I regularly get ranges of IPs which, although coming from specific countries, evade country filtering and rotate IPs to brute force. I have a firewall rule and an underlying network definition that I use called known attackers to block at the firewall layer; I also use this definition in NAT and email protection. Instead of entering individual IPs I normally create a subsequent definition in known attackers with the type network and enter the IPs in the style of 192.168.1.0 and subnet mask 255.255.255.0, with the final octet a zero to denote the entire range. Is this correct, or should I be using the range definition and setting 192.168.1.1 - 192.168.1.255?

Thanks,

Jared



This thread was automatically locked due to age.
  • First: you should be able to transfer your config to new hardware. Possibly you have to reorder the interfaces afterwards. You need a new license if hardware type changes ... afterwards too.

    You may use a range definition or a subnet definition. Both should work.
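
The two definitions from the question, compared address by address (an added example, not part of the original thread and not Sophos code). It assumes IPv4 and uses only Python's standard `ipaddress` module; the function names are hypothetical, and it does plain address arithmetic without modelling how the UTM evaluates either definition type.

```python
import ipaddress

def _span(lo, hi):
    """Inclusive integer interval -> minimal list of CIDR strings ([] if empty)."""
    if lo > hi:
        return []
    return [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi))]

def compare_definitions(address, netmask, first, last):
    """Compare a network definition (address + netmask) with a range definition."""
    # strict=True raises ValueError when host bits are set, e.g. a network
    # definition typed as 192.168.1.5 / 255.255.255.0 instead of 192.168.1.0.
    net = ipaddress.ip_network(f"{address}/{netmask}", strict=True)
    n_lo, n_hi = int(net.network_address), int(net.broadcast_address)
    r_lo = int(ipaddress.IPv4Address(first))
    r_hi = int(ipaddress.IPv4Address(last))
    if r_lo > r_hi:
        raise ValueError("range start is above range end")
    return {
        "subnet": str(net),
        # the range written as the fewest CIDR blocks that cover it exactly
        "range_as_cidr": _span(r_lo, r_hi),
        # addresses matched by the network definition but not by the range
        "only_in_subnet": _span(n_lo, min(r_lo - 1, n_hi))
                          + _span(max(r_hi + 1, n_lo), n_hi),
        # addresses matched by the range but not by the network definition
        "only_in_range": _span(r_lo, min(r_hi, n_lo - 1))
                         + _span(max(r_lo, n_hi + 1), r_hi),
    }

if __name__ == "__main__":
    # Values taken from the question above.
    result = compare_definitions("192.168.1.0", "255.255.255.0",
                                 "192.168.1.1", "192.168.1.255")
    for key, value in result.items():
        print(f"{key}: {value}")
```

For the values in the question, the only difference is the .0 address, which the network definition includes and the range starting at .1 does not.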

  • Thanks for this feedback. Normally I would have done as you suggest, but unfortunately the config backups from my homemade system applied to dual SG210s caused some very weird DB failures and inability to apply NAT or firewall rules. I decided the best approach was to start from scratch.

  • Hi Jared and welcome to the UTM Community!

    Dirk is correct.  There's no reason for the restore to not work as long as you subsequently upload the license file.

    My guess is that you restored the backup separately to the two SGs and that will cause strange problems.  Here are the instructions I give to my clients:

    1. If needed, do quick, temporary installs so that the new devices can download Up2Dates, apply the desired Up2Dates (all the way to 9.705), do a factory reset and power both units off. If the new units are at the same level or higher than the current UTMs, this step is unnecessary.
    2. Create a backup and load it onto a USB memory stick.
    3. With the USB memory stick in place, power up the device that will begin as the new Master and remove the memory stick after the boot is complete.
    4. Connect a PC to the new Master and upload the license for the new SG, leaving the new Master powered up.
    5. Verify that the configuration on the new SG Master is correct (The ports and interfaces could potentially be in a different order, re-configure them as necessary), and then disconnect the PC.
    6. Power down the current UTM Slave and move its cables to the new SG Slave which remains powered down.
    7. Power down the current UTM Master and move the cables to the new SG Master.
    8. Wait for the new SG Master to be READY.
    9. Power up the new SG Slave. Done.

    Any better luck with that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Dirk, if you translate my instructions below into German, please send me a copy.

    Cheers - Bob
