Rules for internal LANS

We have recently purchased a Sophos UTM and I'm in the process of setting it up to replace our existing Juniper firewall. I'm new to Sophos and hopefully this is a simple question.

We have 5 different sites in our company's network. Each building has its own subnet. Our internet provider links our sites together through an MPLS solution. All internet traffic is routed through 1 site. We're replacing the Juniper at that main site with a Sophos UTM. All of our internal traffic from 5 subnets routes through a single interface on the firewall. I've labeled the internal port "LAN" and the external "Internet". We currently have manual routing rules in place to route traffic to all of the internal subnets through the LAN port and I will be setting those up on the UTM, as well.

Juniper uses the "zone" concept to make it very easy to set up firewall rules based on interfaces, i.e. all traffic from this interface to that interface: allow. If I want to allow traffic for a certain service from all internal subnets to the Internet, what's the best way to do that?

  • If the UTM should do the routing between the different sites / subnets, the UTM needs one IP in every subnet. Therefore you will need VLANs. Otherwise you do not have the possibility to define 5 different IP addresses on the one LAN interface of the UTM.

    If another device does the routing between the sites / subnets, and your UTM is only the exit to the Internet, then you can work with network definitions.
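To make the second case concrete, here is an added illustrative model (not code from the thread's participants, Sophos or Juniper) of how a group of network definitions stands in for a Juniper "zone" when the UTM only provides the Internet exit: the static routes decide which interface traffic leaves on, and the rule matches on the source network definition plus that egress interface. The five site subnets, the public test address and the allowed ports are constructed assumptions.

```python
# Illustrative model of "network definition" based rules on a single LAN port.
# Subnets, routes and rules below are constructed for the example.
from ipaddress import ip_address, ip_network

# Constructed: five site subnets, all reached through the one LAN port.
SITE_SUBNETS = [ip_network(f"10.{i}.0.0/24") for i in range(1, 6)]

# The manual routes the poster describes: every site via LAN, everything else
# via the Internet interface (default route).
ROUTES = [(net, "LAN") for net in SITE_SUBNETS] + [(ip_network("0.0.0.0/0"), "Internet")]

# A network definition group holding all five sites (the zone replacement).
NETWORK_DEFS = {"All_Sites": SITE_SUBNETS}

# Rules: (source definition, egress interface, allowed TCP ports, action).
# Anything that matches no rule is dropped, so the list is the whole policy.
RULES = [
    ("All_Sites", "Internet", {80, 443}, "allow"),
]

def egress_interface(dst):
    """Longest-prefix match over the static routes, as the router would do."""
    matches = [r for r in ROUTES if dst in r[0]]
    best = max(matches, key=lambda r: r[0].prefixlen)
    return best[1]

def in_definition(name, ip):
    """True if the address falls inside any subnet of the named definition."""
    return any(ip in net for net in NETWORK_DEFS[name])

def evaluate(src, dst, dport):
    """Return 'allow' when a rule matches, otherwise the implicit 'drop'."""
    src, dst = ip_address(src), ip_address(dst)
    out_if = egress_interface(dst)
    for src_def, iface, ports, action in RULES:
        if in_definition(src_def, src) and out_if == iface and dport in ports:
            return action
    return "drop"
```

Traffic between two sites resolves to the LAN interface, so the Internet rule does not match it; in the second case that traffic never reaches the UTM anyway because the other device routes it.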