DMZ, VPN Client, Routing, FW

Hello,

I would like to set up a router (VPN client) in a DMZ and route traffic from the LAN over the DMZ into an OpenVPN tunnel. I have the following configuration so far:

WAN Interface (Ethernet): 82.x.x.x

LAN: 192.168.0.0/24

DMZ: 10.0.0.0/8

Ping and web access to the DMZ router are working.

Firewall rules for DMZ:

LAN to DMZ / services HTTP, HTTPS and ping allowed

Interesting for me is that when I deactivate this rule, I'm still able to reach the router's web interface via HTTPS?

If I want to establish a VPN tunnel with the router in the DMZ, do I need a separate masquerading rule?

At the moment I have the rule LAN to External (WAN); do I also need DMZ to External (WAN)?

When I want to route specific traffic over the tunnel, let's say HTTP/HTTPS, what kind of firewall rules / configuration do I need?

Is there a way to split the traffic and route specific requests to a public website directly, without going over the tunnel?

Any help would be highly appreciated.

Thanks

Sally

  • Hello,

    I would like to set up a router (VPN client) in a DMZ and route traffic from the LAN over the DMZ into an OpenVPN tunnel. I have the following configuration so far:

    WAN Interface (Ethernet): 82.x.x.x

    LAN: 192.168.0.0/24

    DMZ: 10.0.0.0/8

    Ping and web access to the DMZ router are working.

    Firewall rules for DMZ:

    LAN to DMZ / services HTTP, HTTPS and ping allowed
    Interesting for me is that when I deactivate this rule, I'm still able to reach the router's web interface via HTTPS?

    - If you are using web filtering, then the web filter (which is a proxy) will be the one that accesses those resources (HTTP(S)).

    If I want to establish a VPN tunnel with the router in the DMZ, do I need a separate masquerading rule?
    At the moment I have the rule LAN to External (WAN); do I also need DMZ to External (WAN)?

    - Yes, usually you will need a masquerading rule for every subnet that needs Internet access, but I don't get what you mean by "I want to establish a VPN tunnel with the router in the DMZ" (I suppose you would like to do this from another location?)

    When I want to route specific traffic over the tunnel, let's say HTTP/HTTPS, what kind of firewall rules / configuration do I need?

    - Please create a new thread for this question.

    Is there a way to split the traffic and route specific requests to a public website directly, without going over the tunnel?

    - Please create a new thread for this question.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improving IT security and happy to help others with their IT security challenges.

    Sometimes I post some useful tips on my blog; see blog.pijnappels.eu/category/sophos/ for Sophos-related posts.
