NAT from DMZ

Hello,

We have a license for 75 IPs.

LAN and DMZ IPs go through the Sophos FW.

Is there some way to configure it so that all DMZ clients will get out with NAT?

I mean, so that Sophos will stop counting all IPs behind the DMZ interface?



  • Licensing is based on protected IPs, so if you try to hide some IPs you're violating the license terms.
  • As scorpionking says, if you have 75 actual computer IPs that need to reach the Internet, then there's no way to do this that doesn't violate the terms of the license agreement. If a lot of the IPs being counted are IP phones, configure them to get time from an internal source so that they have no reason to access the Internet except through your VoIP server. Configure your printers to NOT send information to HP, etc. If some clients on the Internal network don't have access to the Internet but are used only for accessing the servers in the DMZ, you could add a second NIC to those servers and dual-home them with IPs in "Internal (Network)" - then, the traffic doesn't transit the UTM.  Do those approaches help?

    Cheers - Bob

  • To flesh out one of Bob's suggestions, remove the default gateway (UTM IP) setting from devices such as phones and printers if they do not need internet access. Once this is done, unused IPs will drop from the IP licensing list after 7 days.