Hi
I have a question on the AWS Sophos UTM9 appliance. I have configured an appliance on a t2.micro to have 2 interfaces in the same AZ: one interface for outside, one interface for inside (I believe this is the correct way to set up the Sophos appliance?). The inside interface connects to (has an IP on), let's say, subnet 10.0.0.0/24. Now, let's say I want another internal AWS subnet to be added to the tunnel. Can this be done with just one appliance? And if so, how?
What I have tried so far is to add a new subnet in the VPC, in the same AZ, and make sure that this subnet routes the traffic for the other end of the site2site tunnel to the internal interface of the Sophos appliance. When creating traffic from the remote site (ping), a new SA is created for the traffic, and it appears that the traffic is routed to the host on the new subnet. However, the host's reply never reaches the Sophos appliance, even though the route to the network interface is in place. The Sophos has source/dest checking disabled on both the internal and external interfaces. I'm not sure if this means that I will need a new Sophos box for each new subnet (or a bigger machine type, since there are only 2 interfaces on the t2.micro)?
I would have thought it would be possible to simply route the traffic from the new subnet back to the device. But apparently not. I have been poking around with this for 3-4 hours now, and nothing seems to change the fact that traffic from the new subnet never gets back to the Sophos appliance.
Best Regards
Christian
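The two VPC-side prerequisites the post describes for the return path (each internal subnet's route table sends the remote site's CIDR to the appliance's inside ENI, and that ENI has source/dest check disabled) can be audited mechanically. The script below is an added example, not code from the post or from Sophos; it works over a constructed copy of the shape AWS returns from `describe-route-tables` and `describe-network-interfaces`, so it runs offline. Only `10.0.0.0/24` comes from the post; the ENI ids, subnet ids, the `192.168.100.0/24` remote LAN and the `10.0.0.0/16` VPC range are placeholders.

```python
"""Audit the VPC routing prerequisites for a single-appliance site-to-site tunnel.

For every internal subnet that should use the tunnel, check that
  1. its route table's most specific route for the remote CIDR targets the
     appliance's inside ENI, and
  2. that ENI has source/dest check disabled.
The sample VPC below is CONSTRUCTED data with placeholder identifiers.
"""
import ipaddress

# Placeholder identifiers (assumptions, not from the original post).
APPLIANCE_INSIDE_ENI = "eni-inside-EXAMPLE"
REMOTE_SITE_CIDR = "192.168.100.0/24"       # constructed remote LAN behind the tunnel

SAMPLE_ENIS = {
    "eni-inside-EXAMPLE": {"SourceDestCheck": False, "SubnetId": "subnet-a"},
    "eni-outside-EXAMPLE": {"SourceDestCheck": False, "SubnetId": "subnet-public"},
}

SAMPLE_ROUTE_TABLES = [
    # subnet-a (10.0.0.0/24 in the post) already routes the remote site to the appliance.
    {"Associations": [{"SubnetId": "subnet-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": REMOTE_SITE_CIDR,
                 "NetworkInterfaceId": APPLIANCE_INSIDE_ENI}]},
    # subnet-b is the newly added subnet; its table still sends everything
    # non-local to the internet gateway, so replies never reach the appliance.
    {"Associations": [{"SubnetId": "subnet-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"}]},
]


def route_target(routes, destination):
    """Return the target of the most specific route covering `destination`.

    AWS route tables use longest-prefix match, so a /24 entry beats 0.0.0.0/0.
    Returns None when no route covers the destination at all.
    """
    dest = ipaddress.ip_network(destination, strict=False)
    best_net, best_route = None, None
    for route in routes:
        net = ipaddress.ip_network(route["DestinationCidrBlock"], strict=False)
        if net.version != dest.version or not dest.subnet_of(net):
            continue
        if best_net is None or net.prefixlen > best_net.prefixlen:
            best_net, best_route = net, route
    if best_route is None:
        return None
    return (best_route.get("NetworkInterfaceId")
            or best_route.get("InstanceId")
            or best_route.get("GatewayId"))


def audit_subnet(subnet_id, route_tables, appliance_eni, remote_cidr):
    """Findings (strings) for one subnet's return path; empty list means OK."""
    table = next((t for t in route_tables
                  if any(a.get("SubnetId") == subnet_id for a in t["Associations"])), None)
    if table is None:
        # Implicit association with the VPC main table; it must be checked separately.
        return [f"{subnet_id}: no explicit route table association, inspect the main table"]
    target = route_target(table["Routes"], remote_cidr)
    if target != appliance_eni:
        return [f"{subnet_id}: route for {remote_cidr} targets {target!r}, "
                f"expected appliance ENI {appliance_eni}"]
    return []


def audit_appliance_eni(enis, appliance_eni):
    """Findings for the appliance ENI itself (source/dest check must be off)."""
    eni = enis.get(appliance_eni)
    if eni is None:
        return [f"{appliance_eni}: ENI not found in describe-network-interfaces output"]
    if eni.get("SourceDestCheck", True):
        return [f"{appliance_eni}: source/dest check is still enabled"]
    return []


def audit_vpc(subnets, route_tables, enis, appliance_eni, remote_cidr):
    """Return {subnet_id: findings} plus an 'appliance' entry for the ENI check."""
    report = {s: audit_subnet(s, route_tables, appliance_eni, remote_cidr) for s in subnets}
    report["appliance"] = audit_appliance_eni(enis, appliance_eni)
    return report


if __name__ == "__main__":
    for name, findings in audit_vpc(["subnet-a", "subnet-b"], SAMPLE_ROUTE_TABLES,
                                    SAMPLE_ENIS, APPLIANCE_INSIDE_ENI,
                                    REMOTE_SITE_CIDR).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

Feeding it real `aws ec2 describe-route-tables` and `describe-network-interfaces` JSON instead of the constructed sample makes it a quick regression check whenever a subnet is added to the VPC: a subnet whose most specific route for the remote CIDR is not the appliance's inside ENI is exactly the case where replies from hosts on that subnet bypass the tunnel.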