Also note that under the WAN interface settings, the "Dynamic IP" and the "IPv4 default GW:" checkboxes should both be checked. One other thing you will need is to set up a Static Route in the Sophos to route between the LAN and WAN (under Interfaces & Routing - Static Routes, create a new rule: "Route Type: Interface Route", "Network: Internal (Network)", "Interface: WAN"). You can set up the Sophos to do this, or a second router with DHCP capabilities connected to the LAN side. As I indicated above, the Internal LAN needs to have its own network; set the LAN IP in Sophos to 192.168.2.1/24 (255.255.255.0) for example, and it will also need a DHCP server set up on the Internal LAN side to hand out addresses to your client machines. These will not pass through the Sophos to clients on the Internal LAN interface. Also, make sure that the address you assign to the Internal LAN interface is not inside the scope of the DHCP server address range. At this point, the ATT router is only going to hand out IP addresses, and DNS and Gateway settings for clients, to the WAN port of the Sophos UTM. You need to either set up DHCP on the Sophos UTM, or have the router on the Internal interface handle it. You cannot use the ATT router to hand out DHCP; you do not want to hand out DHCP to clients on the Internal interface from a DHCP server on the WAN interface. In either case you cannot use 192.168.3.9 for the WAN and 192.168.3.10 for the Internal and have them be in separate networks. In order to use the 192.168.3.x scheme on both interfaces you are going to have to break it into two separate networks, and the IP addresses you have listed above will not work. The WAN and the Internal interfaces cannot be on the same network. Some other things we need to know to help you: Is your ATT router handling logon (PPPoE?) or is it bridged? Is your Router on the other side of the Sophos being used as a router or acting as an access point?
"Rule Type: SNAT (source)", "For traffic from: Internal (Network)", "Using service: Any", "Going to: Any IPv4", "Change the source to: WAN (Address)". I prefer to set up a SNAT rule, under the NAT tab, instead. The other issue I have with the instructions in your posted link is using the masquerading rule for NAT. You can tweak these later if needed, but for most home users, the rules the wizard sets up will be all you need. The wizard will get you 80% there and will get your basic firewall rules set up. I have posted a link to the Sophos manual below to use as a reference, but at this point you should start over and this time use the wizard. But for now this is not causing your problem; using this firewall rule is OK for troubleshooting, but should not be left active. First, it is telling you to use the firewall rule "Internal>Any>Any". Please do not use that guide you posted a link to; it is rubbish, and you will not have a firewall when you are done.
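The addressing checks described in the post above (WAN and Internal on separate networks, the Internal interface address outside the DHCP range, and breaking 192.168.3.x into two networks) can be verified before touching the UTM. This is an added example, not part of the original post; the /24 mask on the 192.168.3.x addresses and the DHCP ranges are assumptions constructed for illustration.

```python
import ipaddress


def check_plan(wan_if, lan_if, dhcp_start, dhcp_end):
    """Return a list of problems found in a WAN/Internal addressing plan."""
    wan = ipaddress.ip_interface(wan_if)
    lan = ipaddress.ip_interface(lan_if)
    first = ipaddress.ip_address(dhcp_start)
    last = ipaddress.ip_address(dhcp_end)
    problems = []
    # The two interfaces must not share (or overlap) a network.
    if wan.network.overlaps(lan.network):
        problems.append("WAN and Internal are on the same network")
    # The DHCP scope has to sit inside the Internal network.
    if first not in lan.network or last not in lan.network:
        problems.append("DHCP range is outside the Internal network")
    # The Internal interface's own address must not be handed out.
    if first <= lan.ip <= last:
        problems.append("Internal interface address is inside the DHCP range")
    return problems


def split_scheme(network):
    """Break one network into two equal halves, e.g. a /24 into two /25s."""
    return list(ipaddress.ip_network(network).subnets(prefixlen_diff=1))


if __name__ == "__main__":
    # Constructed plans: addresses from the post, masks and ranges assumed.
    plans = {
        "both on 192.168.3.x": ("192.168.3.9/24", "192.168.3.10/24",
                                "192.168.3.100", "192.168.3.200"),
        "Internal on 192.168.2.x": ("192.168.3.9/24", "192.168.2.1/24",
                                    "192.168.2.100", "192.168.2.200"),
    }
    for name, plan in plans.items():
        print(name, "->", check_plan(*plan) or "OK")
    # Splitting 192.168.3.0/24 leaves .9 and .10 in the same half, so those
    # two addresses still cannot be used on separate interfaces.
    for half in split_scheme("192.168.3.0/24"):
        print(half, "usable hosts:", half.num_addresses - 2)
```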