
Issue with connecting 2 internal networks

Hello all,

I am a bit of a newbie when it comes to the sophos utm 9. I recently stood up sophos on my home network and pretty much got the initial setup running the way I want. The setup is as follows:

Cable modem - sophos - switch.  I have a wireless access point connected to the switch. The internal network is on 192.168.xxx. My internal to external traffic is getting filtered through the firewall just fine.

Recently we had an alarm system put in with cameras that run on their own network (172.16.xxx). The alarm system connects to my wireless AP and works for the most part. The one piece that does not work is accessing the camera network via the alarm company app. This prevents me from being able to monitor the live camera views. I have bypassed the UTM and proven that the app does work and that I can view the cameras without the Sophos in place.

My understanding from the alarm company is that there are apparently 3 ports on the cameras that need to be open for the app to work. In reading other posts I have tried to create static routes between the internal network and the camera network and have added corresponding firewall rules with no luck. My question is: is this the right direction or am I way off the mark? Is there a suggested reference I can look at for this type of issue that I just haven't found yet?

Thanks in advance,

Scott



This thread was automatically locked due to age.
  • Scott,

    what you can do is to create an additional interface on the UTM 172.16.x.x and make sure that the AP is using this interface as Default Gateway. That's all! You will manage all the traffic through UTM. Make sure to create the proper Firewall Rules to allow traffic and NAT rule of the new network 172.16.x.x.

  • Luk,

    Thank you for your response. I have created the interface for the 172.16.x. network and have set the interface as the default gateway on the AP. I then created a NAT masq from the new interface to my external interface. Finally I created a firewall rule from the new interface to the external interface allowing web surfing.

    Unfortunately when I connect a device to the AP, I am not able to access the internet. I briefly tried allowing any service through the new firewall rule, but was still unable to connect to the internet. Not sure where to go from here. Any more suggestions?

    Thank you,

    Scott

  • Scott,

    can you share the new Firewall you created?

    Also, you talked about a new NAT....can you share even the screenshot of that one? A nat is not needed however...

  • Hi, Scott, and welcome to the UTM Community!

    "I created a firewall rule from the new interface to the external interface allowing web surfing." - As Luk said, pictures would be better than description.  I suspect that we will see that your rule doesn't work because it has a Destination of "External (Network)" instead of the "Internet" object.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
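    To make Luk's procedure (new interface for the 172.16.x.x network, firewall rule, masquerade rule) and Bob's point about the rule destination concrete, here is a small Python model of how UTM-style network objects match a packet. It is an added example, not code from the thread or from Sophos; the interface subnets (192.168.1.0/24, 172.16.1.0/24, 203.0.113.0/24) are constructed placeholders, and the "Internet" object is modelled simply as "any address not on a directly attached interface network", which is a simplification of the real UTM object.

```python
from ipaddress import ip_address, ip_network

# Constructed sample topology (not from the thread): the UTM's interface networks.
INTERFACES = {
    "Internal": ip_network("192.168.1.0/24"),    # existing LAN behind the switch
    "Alarm": ip_network("172.16.1.0/24"),        # new interface for the camera/alarm network
    "External": ip_network("203.0.113.0/24"),    # WAN segment (TEST-NET-3 placeholder)
}


def matches_object(addr, obj):
    """Simplified resolution of a UTM-style network object name to a membership test."""
    a = ip_address(addr)
    if obj == "Any":
        return True
    if obj == "Internet":
        # Simplified model of the "Internet IPv4" object: anything that is not
        # on a directly attached interface network.
        return not any(a in net for net in INTERFACES.values())
    if obj.endswith(" (Network)"):
        # "<Interface> (Network)" is only the subnet bound to that interface.
        return a in INTERFACES[obj[: -len(" (Network)")]]
    raise ValueError(f"unknown network object: {obj}")


def first_matching_rule(rules, src, dst):
    """Return the first rule whose source and destination objects both match."""
    for rule in rules:
        if matches_object(src, rule["source"]) and matches_object(dst, rule["destination"]):
            return rule
    return None


def packet_allowed(rules, src, dst):
    """UTM-style evaluation: first match wins, no match means drop."""
    rule = first_matching_rule(rules, src, dst)
    return rule is not None and rule["action"] == "allow"


def masquerade_applies(masq_rules, src, out_iface):
    """True if a masquerade rule rewrites src for traffic leaving out_iface."""
    a = ip_address(src)
    return any(
        a in INTERFACES[m["network"]] and m["interface"] == out_iface
        for m in masq_rules
    )


def can_reach_internet(rules, masq_rules, src, dst):
    """Both conditions from the thread: the rule must allow it AND the
    source must be masqueraded behind the external interface."""
    return packet_allowed(rules, src, dst) and masquerade_applies(masq_rules, src, "External")


# The first attempt the thread describes: destination "External (Network)".
RULES_BROKEN = [
    {"source": "Alarm (Network)", "destination": "External (Network)", "action": "allow"},
]
# Bob's suggestion: destination should be the "Internet" object.
RULES_FIXED = [
    {"source": "Alarm (Network)", "destination": "Internet", "action": "allow"},
]
# Masquerade rule for the new network, as Luk described.
MASQ = [{"network": "Alarm", "interface": "External"}]

if __name__ == "__main__":
    cam, web = "172.16.1.50", "198.51.100.7"   # constructed camera host and public host
    print("broken rule reaches the web:", can_reach_internet(RULES_BROKEN, MASQ, cam, web))
    print("fixed rule reaches the web: ", can_reach_internet(RULES_FIXED, MASQ, cam, web))
```

    Running it shows why the symptom persists with the first rule: "External (Network)" only matches hosts on the WAN subnet itself, so a packet to any public address never hits the rule and is dropped, while the "Internet" object matches it. The masquerade check also illustrates why the NAT rule must name the new 172.16 network and not only the original internal one.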
  • Luk and Bob,

    Thank you for your responses. Here are my firewall rules.

    I made the change for the destination to be the Internet IPv4, which if I understood correctly was what Bob was suggesting. Unfortunately it is still not allowing internet access.

    The masquerade rule I thought I needed is below:

    Thank you for your help.

    Scott

  • Scott,

    if you open live log from Firewall section, do you see traffic coming from Alarm network?

    Make sure that on your AP, NAT is disabled. I had a friend of mine who was trying to use the Wireless router as AP and it did not disable the NAT on the device.

    Are you able to ping from your Alarm devices the UTM default gateway interface? Are you able to ping internet website (www.google.com). Make sure pinging is enabled on the appropriate TAB inside the Firewall section.

  • No, I do not see any traffic coming from 172.16. I checked the AP and there is no NAT enabled that I can see. I am not able to ping the UTM from the alarm devices, nor can I ping the internet. I have verified that pinging is enabled. I am going to spend some time this evening / tomorrow evening redoing the interface and the firewall rules and see what I may have screwed up along the way.

    Thank you again for your help.
