UTM traffic redirection between 2 UTM in different offices

I have the following scenario:

2 offices in different countries connected via leased line directly to each other. Each office has its own UTM and Internet connection.

Now, I want certain web traffic from UTM B in office B to be redirected to UTM A in office A via the leased line and to use the Internet line from Office A (instead of using the Internet link from Office B).

I tried adding a policy route into UTM B to redirect certain IPs to UTM A, and added a NAT and firewall rule on UTM A to allow Office B to access the internet. At the moment I am not having any luck - is there a simple method to do this or am I missing something?

Thanks.



  • Further comment: UTM A has a route to access Office B; UTM B has a route to access Office A.
    topology:
    Internet----UTM_A---Office_A----------Leased line---------Office_B---UTM_B----Internet
  • Is this about redirecting some HTTP/S traffic so that requests from B arrive at a server on the internet with the IP of A?
    Do both UTMs have Web Filtering active? In Transparent or Standard?

    Cheers - Bob
  • No. I would like to have a situation where for certain web traffic, Office_B sends to UTM_B, then UTM_B redirects to UTM_A and uses the internet line from the left. The rest of the internet traffic from Office_B can go straight out of the Internet line on the right. Web filtering is active on both, I think it's standard.
  • That's not enough information to give you explicit instructions, but I think the tool you're looking for is the 'Parent Proxies' tab in 'Web Filtering Profiles'.

    Cheers - Bob

  • The parent filtering proxy solution does not solve the issue.

    I'm not sure what further information is needed. To explain again, I have 2 offices, each with its own UTM and internet line, with a leased line connecting the two offices. I would like one office to have certain web traffic (sophos.com for example) to redirect from the local UTM in that office to the UTM in the remote office, and go out the internet line from the other office. The rest of web traffic can flow through the local UTM without redirection.
  • Assume that the company has a content subscription at a fixed price for all requests coming from a single IP and that that IP is on the WAN port of UTM A.  Assume the content server can be reached at 66.77.88.99.

    In UTM A, configure a Web Filtering Profile with no active filtering that has, in 'Allowed networks', the IP of the primary address on UTM B's leased line connection.

    In UTM B, create a Parent Proxy definition for all traffic going to 66.77.88.99 and assign as the parent proxy the primary IP on UTM A's leased line connection. Assign this Parent Proxy to the appropriate Filter Action(s).

    How is your scenario different from that?

    Cheers - Bob
    PS There also is a way to build an IPsec VPN between the two sites and SNAT traffic out of UTM B's HTTP/S Proxy into the tunnel so that it can go out UTM A's WAN port, but it's more complex and would be less obvious to Sophos UTM Support if you had issues related to it.