WS1100 and TMG 2010

Hello,

I'm looking at deploying a WS1100 with a TMG downstream server and contemplating using a bridged deployment.

My question is: can I have both the LAN and the WAN interfaces configured on the same IP network, i.e. the DMZ?

Any additional thoughts or suggestions would be helpful.



This thread was automatically locked due to age.
  • Hi FJ,

    Welcome to SophosTalk.

    The LAN and WAN ports will actually both have the same IP address. The WSA only does bridging, so effectively it acts as a two-port switch.

    You can put the appliance either on the LAN or DMZ - as long as HTTP/HTTPS traffic passes through the appliance it will be filtered. However, I would recommend using some kind of perimeter firewall to prevent unwanted connections to the appliance.

    When using a TMG you could also consider using the explicit mode. You can set up a web-chaining rule on the TMG which will send all web traffic through the Sophos Web Appliance as an upstream proxy. There is a plugin which can be installed on the TMG to ensure Active Directory authentication works properly in this mode.

    If you don't already have an appliance you can always call our Sales team to discuss the possibility of setting up a demo.

    Hope this helps,

    -Tom.
