
NAT from DMZ

Hello,

We have a license for 75 IPs.

LAN and DMZ IPs go through the Sophos FW.

Is there some way to configure it so that all DMZ clients go out with NAT?

I mean, so that Sophos will stop counting all IPs behind the DMZ interface?



  • Licensing is based on protected IPs, so if you try to hide some IPs you're violating the license terms.

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
  • As scorpionking says, if you have 75 actual computer IPs that need to reach the Internet, then there's no way to do this that doesn't violate the terms of the license agreement. If a lot of the IPs being counted are IP phones, configure them to get time from an internal source so that they have no reason to access the Internet except through your VoIP server. Configure your printers to NOT send information to HP, etc. If some clients on the Internal network don't have access to the Internet but are used only for accessing the servers in the DMZ, you could add a second NIC to those servers and dual-home them with IPs in "Internal (Network)" - then, the traffic doesn't transit the UTM.  Do those approaches help?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • To flesh out one of Bob's suggestions, remove the default gateway (UTM IP) setting from devices such as phones and printers if they do not need internet access. Once this is done, unused IPs will drop from the IP licensing list after 7 days.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1