Routing configuration for DMZ: help!

Hi,

I'm a noob with the UTM ASG 220 at this time. I have to configure a DMZ with a dedicated ADSL link and I'm not able to do that...

My ISP gave me a /30 pool of addresses for my router and told me that the UTM should do the NAT rules:

122.255.175.210/30 (Router IP) eth7
122.255.175.209/30 (GW of 122.255.175.210/30)

Ip DMZ : 172.22.101.250 /24 eth6
Ip Web server : 172.22.101.100 /24

Internal network : 192.168.10.0/24 eth1
ADSL Orange : eth2 (default GW with uplink balancing) (Backup link)
FO in a MPLS on eth4 (default GW with uplink balancing) (For DATA and Voice)

The web server should be reachable at 122.255.175.210 from outside. I tried this how-to https://www.sophos.com/fr-fr/support/knowledgebase/115135.aspx without success...

No routing with ping or traceroute (Host unreachable) from eth7

1) Create the new network interface: 

Network>>Interfaces 
New Interface 
Name: WAN2 
Type: Ethernet Standard 
Hardware: Select desired Ethernet port eth7
Address: Enter IP 122.255.175.210
Netmask: Enter netmask /30
Leave all other settings at default

2) Create the Second gateway definition: 

Definitions>>Networks 
New network definition 
Create a definition for the WAN2 gateway address: WAN2_Gateway

Which settings should I put for this GW definition?

Can someone help me?



This thread was automatically locked due to age.
  • That KnowledgeBase article is for traffic that originates inside your LAN, not for publishing a web server.  Also, for traffic originating in your LAN, the best approach is using Multipath rules with Uplink Balancing.

    If you have a subscription for Webserver Protection, you would be better off using the Web Application Firewall.  If not, then you can use a NAT rule to get the traffic to your server:

    DNAT : Internet -> Web Surfing -> WAN2 (Address) : to {172.22.101.100}

    The return traffic will leave from the same interface where the request arrived - WAN2.

    Does that work the way you wanted?

    Cheers - Bob
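
Added example, not part of the reply above and not Sophos code: a simplified Python model of the DNAT rule and of the reply path it implies, using the addresses and interfaces from the thread. The port set standing in for the "Web Surfing" service (TCP 80 and 443), the class and function names, and the client address are assumptions made for illustration.

```python
import ipaddress

# Values from the thread; the port set for "Web Surfing" is an assumption.
WAN2_ADDR = ipaddress.ip_address("122.255.175.210")
WAN2_IF = "eth7"
DMZ_IF = "eth6"
WEB_SERVER = ipaddress.ip_address("172.22.101.100")
WEB_PORTS = {80, 443}


class DnatModel:
    """Toy connection-tracking table for one DNAT rule (hypothetical model)."""

    def __init__(self):
        self.conntrack = {}  # (client, cport, server, sport) -> (orig_dst, in_if)

    def inbound(self, in_if, src, sport, dst, dport):
        """Apply the DNAT rule to a new connection arriving from outside."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if in_if != WAN2_IF or dst != WAN2_ADDR or dport not in WEB_PORTS:
            return None  # rule does not match; nothing is forwarded to the DMZ
        self.conntrack[(src, sport, WEB_SERVER, dport)] = (dst, in_if)
        return {"out_if": DMZ_IF, "src": str(src), "dst": str(WEB_SERVER), "dport": dport}

    def reply(self, src, sport, dst, dport):
        """Reverse the translation for a reply coming back from the web server."""
        key = (ipaddress.ip_address(dst), dport, ipaddress.ip_address(src), sport)
        entry = self.conntrack.get(key)
        if entry is None:
            return None  # no tracked connection: nothing to un-translate
        orig_dst, in_if = entry
        # The client must see the address it connected to, on the link it used.
        return {"out_if": in_if, "src": str(orig_dst), "dst": dst, "sport": sport}


def demo():
    fw = DnatModel()
    client = "198.51.100.7"  # constructed client address (documentation range)
    fwd = fw.inbound("eth7", client, 40000, "122.255.175.210", 80)
    back = fw.reply("172.22.101.100", 80, client, 40000)
    miss = fw.inbound("eth7", client, 40001, "122.255.175.210", 22)
    return fwd, back, miss


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The third call shows that a port outside the published service set does not match the rule, so only the web service is exposed through WAN2.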
