Geekzone: technology news, blogs, forums
Topic # 240745 24-Sep-2018 10:27

Hey,

After some advice as to where I should place a new Sophos XG Firewall?

Currently I have the normal Unifi setup:

ISP Fibre ONT > USG WAN > USG LAN > Unifi Switch > rest of the internal network

To integrate the XG should I do

ISP Fibre ONT > USG WAN (VLAN10) > USG LAN > Sophos In > Sophos Out > Unifi Switch    or

ISP Fibre ONT > (VLAN10) Sophos In > Sophos Out > USG WAN > USG LAN > Unifi Switch

I'd prefer to keep the connection to the ISP going through the USG first then onto Sophos if that's best.

I want to include the firewall to monitor the traffic deeper and restrict websites etc as the kids get older.

Thanks


  Reply # 2095350 24-Sep-2018 10:34

Any reason why you want to keep the USG in circuit? This seems odd. If you do keep it, ensure you route between them, not NAT.

Cyril

  Reply # 2095531 24-Sep-2018 14:18

cyril7:

Any reason why you want to keep the USG in circuit? This seems odd. If you do keep it, ensure you route between them, not NAT.

Cyril

Mainly want to keep the USG as I have already invested in it and it's a great device, though it's limited with the firewall and web filtering ability.

From what I have seen it looks like it's best to put the Sophos XG between the ONT and the Unifi Gateway.


  Reply # 2095538 24-Sep-2018 14:27

Well, it depends who you want to do the NAT and firewalling. If it were me, I would drop the USG, but failing that I would use the Sophos simply as a content filter (and firewall as appropriate) for networks you want to protect (i.e. the kids) and therefore put it between the kids' VLAN and USG. YMMV :)

i.e. ONT > USG > Sophos > kids network
               > responsible persons network

Cyril




  Reply # 2095691 24-Sep-2018 17:59

Cheers

See any issue with putting the Sophos XG in between the ONT and Unifi USG and using the USG for authentication to the Internet? Basically passing through the XG, or will it break auth until firewall rules are in place?

ONT > Sophos XG ( web filtering ) > USG WAN ( fibre auth ) > USG LAN > Switch

  Reply # 2095695 24-Sep-2018 18:03

Hi, you're building a rod for your back and a good chance of creating a worse mess; get rid of one of the routers.

Cyril

