Hi everyone,
I'm new to the Sophos UTM product but LOVE what I'm seeing in the home version I'm rolling out at my house. FYI - I'm using it in a virtualized environment on VMWare on a host with 4 gigabit Ethernet ports. I have a fiber optic internet link at 100Mbps synchronous and can get a direct Ethernet hand-off on the WAN interface. There are a couple of challenges I'm facing and i'd like to get some general advice from some of you who may have easy answers or can at least point me in the direction.
What I'm trying to accomplish is to replace my hardware ISP router with the virtual UTM appliance. I want it to handle all of my web traffic monitoring/filtering, network management (DNS, DHCP, etc) and also allow me to take advantage of a bunch of other features that I have not previously been able to setup at home before using other solutions. My primary challenge is the cabling in the house, the ISP wiring is in a closet which is a location I can't physically locate my VMWare host server. The way rooms in the house are wired, each room has one CAT5 cable running back to the closet where the ISP router is, patched down in a block that I had to install because previously the wiring was all a mess and piece meal individual cables.
Currently I have the VMWare host in an office, connected to a switch. The switch up-link is that single Ethernet wire back to the patch panel which ultimately hooks into a switch where the ISP router is connected. I'm trying to find a way to get a dedicated CAT5 cable to a dedicated Ethernet port on my VMWare host to use in a private ISP virtual switch which I can then present to the UTM appliance for internet/gateway traffic to/from the Internet.
So far I've been able to get around the cabling issues by setting up my ISP router with a DMZ host and routing all incoming ports to the LAN IP of my VMWare host internal network IP. This does technically work, I'm seeing traffic stats and devices, DNS, DHCP and most of the other services are working as expected. This is not ideal nor a good practice but it was a quick way that I could evaluate the features of UTM 9 and see if it would be a good solution for what I wanted to do with my home network.
In the way things are currently configured I'm also having a number of other functional issues. One of which is a speed problem, which is unusual since I have such a fast internet link. Accessing resources inside my home network remotely through TeamViewer, RDP or other services is extremely slow, pretty much unusable. To make a long story short - given the above information, I'm hoping some of you guys can give me some pointers on how to best deploy the UTM.
Is there a secure way to to configure external traffic in on the internal/trusted network? Will that affect firewall rule definitions since I can't use network based filtering variables anymore? I fumbled my way through the firewall and NAT rules to get some external ports forwarded correctly to internal hosts, which is working! But I want to make this a safe and secure solution and also need to fix the speed issues. I'd also love to get rid of the ISP router, since I don't really need it and could let UTM handle all the routing and network management.
Any tips or suggestions are greatly appreciated!
This thread was automatically locked due to age.
