Hi,
I need help with my basic network topology: where to put my Sophos device at home. I currently have a Unifi system and am hoping to sell that to get a Sophos AP to make it one package, but that is not going to happen for a while, and it is the WiFi I have to use.
Can I set up the UTM or XG outside of the current setup? Most descriptions have the Sophos device between a router and switch. I played around with it like this:
Cable Modem---Unifi USG (Gateway)---XG Firewall or UTM---Switch---LAN/WiFi AP
Also thinking maybe this is better:
Cable Modem---XG Firewall or UTM---Unifi USG Gateway---Switch---LAN/WiFi AP
The USG ("Unifi Security Gateway") is supposed to be a security appliance. It acts like a brain connected to the switch, but it is pretty dumb actually; it doesn't do anything security-wise besides a stateful firewall unless programmed with command line/IP tables. I wanted a UTM really, but they were pretty deceptive with their advertising. The gateway and switch should just be together as one router. I have every device isolated on the network pretty much, and I think even if I didn't, all internal traffic involves the USG, not just the switch.
My thinking is maybe everything is more secure without the gateway being directly exposed to the WAN. If it was compromised, it might give a base to attack from, which is more difficult to detect as it'd be from that IP.
I am not sure if I would be better off running the XG or UTM as a gateway on the outside there with the LAN and WiFi switched by the current setup in bridge mode or running the UTM or XG as a bridge.
Thanks for your help!