Bridge public IP from an UTM residing on Site-A to another UTM on Site-B

Hi,

Scenario - I am looking for a way to establish this:


ISP
I
I
Site-A
I
I
UTM-A
I
I
Bridge one public IP to UTM-B, for example via RED Tunnel
I
I
Site-B
I
I
UTM-B SMTP answers and sends as the bridged public IP


The ISP provides Site-A with many public IPs. So basically, we are thinking about bridging one of these public IPs residing on Site-A via UTM-A to UTM-B which is located remote from UTM-A.

I guess this could be a quite easy task when doing for example this community.sophos.com/.../148579 as Bob suggested. But I still don't know: Anyone tried that in real life?

Yes? Please tell us. But we are not finished here. OK - here comes part b of the task. The UTM-A should in no way at all interfere with ALL traffic, including SMTP, which is travelling to this one public IP address. It has to pass UTM-A untouched. Meaning, the SMTP Engine on UTM-A should not at all touch this traffic going to that IP address.

Now we are looking at UTM-B. UTM-B should act as SMTP and receive all mails coming in via the bridged public IP from Site-A. That should be easy. But UTM-B also should send mails out and the remote mail server who receives the mail should see exactly our previously bridged public IP residing originally on site A.

Ideas how to solve this? Our testlab is waiting for a new quest ;-)

Thanks

Joerg



  • don't everybody speak up at once ;-)

  • Technically Joerg, bridging happens at Layer 2 and IP is Layer 3, so I think we're all confused by your question.  Are you just wanting to have the SMTP Proxy in UTM B handle SMTP messages sent to an IP on UTM A?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    first of all, as I said, this is a testlab puzzle/challenge, so pure theoretical nature and just out of curiosity. We often use our testlab to simulate new ideas and/or challenges suggested by our datacenter team.

    SMTP was just a special example because of its nature implemented in UTM (as standard or transparent proxy) and because it is able to also intercept in bridge mode.

    The main question is: Has anybody built the scenario described here community.sophos.com/.../148579 and got it working successfully? Because if somebody would tell us "yeah we tried but that was not working because of bla.." - we would not try this testlab setup from the start.

    On the other hand - if someone had already successfully tried it - it would be extremely interesting to know if there were stumbling stones or other problems.

    Thanks,

    Joerg

  • Just after that post, Ben83 said it worked for him.

    Cheers - Bob

     
  • Hi, I have been thinking of this type of setup...

     

    For example

     

    Scenario - I am looking for a way to establish this:


    ISP
    I
    I
    Site-A - UTM-A - (On-site)
    I
    I
    Small site - RED Tunnel to site A.
    I
    I
    Site-B - UTM-B - (Is in Data Centre with some hosted web services) ISO 2700 environment.   (RED points to here as second failover)
    I
    I
    I


    Scenario - Site A goes down - flood/fire or whatever... Site B DR-Plan kicks in and Veeam backup spins up servers, with Small site & RED Tunnel switching over to site B as second failover link to bring small site back online.

     

    Is this possible?

  • Hi, Lee, and welcome to the UTM Community!

    That should work well.  If you've not yet purchased a RED, you might want to consider an SG 115 with Network Protection as an alternative to a RED 50.

    Cheers - Bob

     
  • Hi Bob, thanks for the reply.

     

    I think I will need to do some testing in this case. I'm hoping I can have high availability between two UTMs in different locations. One at our head office and second in our datacenter rack.

     

    :-)

  • Lee, I'm not aware of anyone having created a successful HA installation with two UTMs in separate locations.

    Cheers - Bob

     
  • Ok,

    I was hoping this might be possible.
