Firewall Behavior Between Interfaces

I recently set up a Sophos UTM 9 VM on ESXi 6 with 4 physical NICs: Management Network, WAN, DMZ, LAN.  Each of those interfaces is mapped to its own vSwitch. 

On the Sophos UTM VM, I have the 3 interfaces for WAN, DMZ, and LAN.  WAN gets DHCP from ISP, DMZ is set to 192.168.5.1/26, and LAN is set to 192.168.1.1/24.  The Sophos UTM IP is on 192.168.1.1.  Should the firewall be allowing traffic between the LAN and DMZ by default?  I don't want traffic allowed between these two interfaces. 

What is strange is that I can connect to a DMZ server on port 80 from a LAN client, but I cannot connect to a LAN server on port 80 from a DMZ client.

Any suggestions?  

Thanks.



  • What version of V9, Seamas?  Is Web Protection active?  What are you doing to connect on port 80?

    You might be interested in a document I maintain that I make available to members of the UTM Community, "Configure HTTP Proxy for a Network of Guests."  If you would like me to send you this document, PM me your email address.  I also maintain a version auf Deutsch initially translated by fellow member hallowach when he and I did a major revision in 2013.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob, I'm running 9.506.  Web Protection is active on the LAN interface, but not on the DMZ interface.  I'm just connecting via a browser to port 80.  I removed the two Firewall rules to simplify things and re-tested.  I'm still able to make a browser/http connection from LAN to a DMZ host, but I can't make a browser/http connection from DMZ to a LAN host.

  • You will definitely want a copy of the document as this is a Web Filtering configuration issue.  Also, to better understand what's happening, see #2 in Rulz as well as Doug Foster's take on some of this: READ ME FIRST: UTM Architecture.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
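A small model of the evaluation order Bob's answer points to (Rulz #2: proxies are consulted before packet-filter rules), added here as an illustration and not taken from the thread or from Sophos code. Web Protection in transparent mode claims TCP/80 from the networks it is enabled for before any firewall rule is checked, so LAN to DMZ on port 80 succeeds while DMZ to LAN on port 80 falls through to the default deny; the network values are the poster's, and the `proxy_skip_dst_nets` knob stands for a transparent-mode destination skip list and is an assumption of the model.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed topology from the thread: Web Protection is enabled for the
# LAN network only, and the poster has removed all manual firewall rules.
LAN = ip_network("192.168.1.0/24")
DMZ = ip_network("192.168.5.0/26")


@dataclass
class UtmPolicyModel:
    """Simplified UTM packet path: transparent web proxy first, then packet filter."""
    proxy_allowed_nets: list                        # networks Web Protection is active for
    proxy_skip_dst_nets: list = field(default_factory=list)   # assumed skip-list knob
    firewall_rules: list = field(default_factory=list)        # (src_net, dst_net, dport, action)

    def evaluate(self, src: str, dst: str, dport: int) -> str:
        s, d = ip_address(src), ip_address(dst)
        # Step 1: the transparent proxy intercepts TCP/80 from its allowed
        # networks before any firewall rule is consulted.
        if (dport == 80
                and any(s in n for n in self.proxy_allowed_nets)
                and not any(d in n for n in self.proxy_skip_dst_nets)):
            return "allow (web proxy)"
        # Step 2: everything else hits the packet filter; first match wins,
        # and with no matching rule the implicit default is to drop.
        for src_net, dst_net, port, action in self.firewall_rules:
            if s in src_net and d in dst_net and port == dport:
                return action
        return "drop (default deny)"


def posters_results() -> dict:
    """Reproduce the asymmetry Seamas observed with no firewall rules at all."""
    policy = UtmPolicyModel(proxy_allowed_nets=[LAN])
    return {
        "LAN->DMZ:80": policy.evaluate("192.168.1.50", "192.168.5.10", 80),
        "DMZ->LAN:80": policy.evaluate("192.168.5.10", "192.168.1.50", 80),
    }


def lan_to_dmz_with_dmz_skipped() -> str:
    """Excluding the DMZ from transparent proxying hands the flow back to the packet filter."""
    policy = UtmPolicyModel(proxy_allowed_nets=[LAN], proxy_skip_dst_nets=[DMZ])
    return policy.evaluate("192.168.1.50", "192.168.5.10", 80)


if __name__ == "__main__":
    print(posters_results())
    print(lan_to_dmz_with_dmz_skipped())
```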