Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 1028 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web filtering for remote site

just_forrent
hello,
I have a question regarding enabling web filtering for a remote site. It is connected via a site-2-site vpn tunnel. This tunnel is not part of the astaro appliance. Here is the network setup:
Main Office: 10.10.1.X network
Remote Office: 10.10.10.X network
Connected via site-2-site vpn tunnel using sonicwall firewall

At the main office, I have installed astaro appliance and web filtering is working just fine.

I want web filtering to be enabled for the remote office users, without having to rework the tunnel to route through astaro appliance.

Any help would be greatly appreciated.
Thanks!


This thread was automatically locked due to age.
  • 0
    Not sure why you would want to keep that Sonicwall... [;)]

    Can we assume that all of the Remote Office traffic comes through the tunnel - that it's not a split tunnel?  If so, then you'll need a policy route in the Sonicwall to redirect traffic to the Astaro.

    If you're in "Transparent" mode, you only need to redirect port-80 traffic to the Astaro.  If you're in a non-transparent mode, you'll want all of the ports that are identified in 'Allowed target services' on the 'Advanced' tab of HTTP/S.

    Cheers -Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    I wish I could get rid of the Sonicwall myself but that is out of my hands. 

    I can't even ping the internal IP of the Astaro from the remote office. Almost as if it is being blocked. I created rules to allow all traffic in but must be missing something.
  • 0
    The Astaro won't respond to pings unless configured to do so on the 'ICMP' tab of 'Packet Filter'.

    Cheers - Bob
    PS - and, welcome to the User BB!
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    I enabled the ICMP in packet filter. I am able to ping the inside interface of the appliance from within the local network but not the remote network. From the remote network, I can ping other IP's.

    It's almost as if there is something blocking the remote network.
  • 0
    In your situation, it sounds like the Astaro should have only a single interface active (or be in bridged mode) so that its default gateway is the LAN port of your Sonicwall.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    yes, working now!!!

    thanks for all your help...much appreciated!