Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 3 subscribers
  • Views 12392 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Network Definition (Any vs Internet IPv4 + Internet IPv6)

btank
In the TMG Administrators Guide to Sophos UTM it is stated ....
"To allow the equivalent of “External” in Sophos UTM, use the
“Internet IPv4”and “Internet IPv6” objects in tandem...".

Is there any difference between using those two in tandem vs. using the "Any" network definition?

Thanks,
-bt


This thread was automatically locked due to age.
Parents
  • 0
    Yes, the Internet objects are bound to the Default Gateway interface.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • 0 in reply to Scott_Klassen

    Sorry to bring this old thread up.......

    Could somebody clarify this?

    Lets say you have 4 internal interfaces and 2 external ones going to the internet (with one being tagged as the default gateway)

    Would a rule INTERNAL LAN 1 > SMTP > ANY INTERNET only allow the INTERNAL LAN 1 to go out via the default gateway? As opposed to a rule of INTERNAL LAN 1 > SMTP > ANY allow INTERNAL LAN 1 to go to any interface?

    I ask because when the UTM is being setup by the wizard, it allows the LAN to go to ANY rather than ANY INTERNET which may be a good idea when setting up as the UTM might not always be internet facing. However, I think there should be some kind of prompt afterwards etc to alert people to set it up with "Any Internet" as opposed to "Any"

Reply
  • 0 in reply to Scott_Klassen

    Sorry to bring this old thread up.......

    Could somebody clarify this?

    Lets say you have 4 internal interfaces and 2 external ones going to the internet (with one being tagged as the default gateway)

    Would a rule INTERNAL LAN 1 > SMTP > ANY INTERNET only allow the INTERNAL LAN 1 to go out via the default gateway? As opposed to a rule of INTERNAL LAN 1 > SMTP > ANY allow INTERNAL LAN 1 to go to any interface?

    I ask because when the UTM is being setup by the wizard, it allows the LAN to go to ANY rather than ANY INTERNET which may be a good idea when setting up as the UTM might not always be internet facing. However, I think there should be some kind of prompt afterwards etc to alert people to set it up with "Any Internet" as opposed to "Any"

Children
  • 0 in reply to Louis-M

    If I follow your question, in the case of a firewall rule, there's no difference between the two traffic selectors applied to traffic going out a WAN connection. 'Internal (Network) -> SMTP -> Any' is the same as 'Internal (Network) -> SMTP -> Internet'.

    In some places, like NAT rules and Remote Access definitions, choosing one or the other can have a different result.  For example in Remote Access Profiles, add "Internet" to 'Local Networks' if the VPN client should be able to access the Internet as "Any" can confuse routing.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi Bob,

    so just to clarify then...

    If I have 2 internal lans that both nat to 1 wan. I don't want lan 1 to talk to lan 2.

    lan1 > http > any     <<<< would allow lan1 to any.

    lan1 > http > internet    <<< would this still allow lan1 to talk to lan2?

    I would have thought the above would only allow lan1 to the internet only?

  • 0 in reply to Louis-M

    "lan1 > http > internet <<< would this still allow lan1 to talk to lan2?"- You are correct, Louis.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?