Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsLAN (ethernet/Wifi/routers/Bluetooth)Sophos XG Firewall placement


279 posts

Ultimate Geek
+1 received by user: 15


# 240745 24-Sep-2018 10:27
Send private message

Hey,

 

 

 

After some advice as to where I should place a new Sophos XG Firewall?

 

 

 

Currently I have the normal Unifi setup:

 

ISP Fibre ONT > USG WAN > USG LAN > Unifi Switch > rest of the internal network

 

 

 

To integrate the XG should I do 

 

ISP Fibre ONT > USG WAN (VLAN10) > USG LAN > Sophos In > Sophos Out > Unifi Switch    or

 

ISP Fibre ONT > (VLAN10) Sophos In > Sophos Out > USG WAN > USG LAN > Unifi Switch 

 

 

 

I'd prefer to keep the connection to the ISP going through the USG first then onto Sophos if that's best.

 

I want to include the firewall to monitor the traffic deeper and restrict websites etc as the kids get older.

 

 

 

Thanks

Create new topic
6637 posts

Uber Geek
+1 received by user: 523

Trusted
Subscriber

  # 2095350 24-Sep-2018 10:34
Send private message

Any reason why you want to keep the USG in circuit, this seems odd. If you do keep it, ensure you route between them, not nat

 

Cyril



279 posts

Ultimate Geek
+1 received by user: 15


  # 2095531 24-Sep-2018 14:18
Send private message

cyril7:

 

Any reason why you want to keep the USG in circuit, this seems odd. If you do keep it, ensure you route between them, not nat

 

Cyril

 

 

 

 

Mainly want to keep the USG as I have already invested in it and a great device, though it's limited with the firewall and web filtering ability.

 

From what I have seen it looks like its best to put the Sophos XG between the OTP and the Unifi Gateway.

 
 
 
 


6637 posts

Uber Geek
+1 received by user: 523

Trusted
Subscriber

  # 2095538 24-Sep-2018 14:27
Send private message

Well it depends who you want to do the NAT and firewalling, if it were me, I would drop the USG, but failing that I would use the Sophos simply as a content filter (and firewall as appropriate) for networks you want to protect (ie the kids) and therefore put it between the kids vlan and USG, ymmv :)

 

 

 

ie ONT > USG > Sophos > kids network

 

                        > responsible persons network

 

Cyril



279 posts

Ultimate Geek
+1 received by user: 15


  # 2095691 24-Sep-2018 17:59
Send private message

Cheers

See any issue of putting the Sophos XG in between the ONT and Unifi USG and using the USG for authentication to the Internet? Basically passing through the XG or will it break auth until firewall rules are in place?

ONT > Sophos XG ( web filtering ) > USG WAN ( fibre auth ) > USG LAN > Switch

6637 posts

Uber Geek
+1 received by user: 523

Trusted
Subscriber

  # 2095695 24-Sep-2018 18:03
Send private message

Hi, your building a rod for you back and a good chance of creating a worse mess, get rid of one of the routers.

 

Cyril

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Video game market in New Zealand passes half billion dollar mark
Posted 24-May-2019 16:15

WLG-X festival to celebrate creativity and innovation
Posted 22-May-2019 17:53

HPE to acquire supercomputing leader Cray
Posted 20-May-2019 11:07

Techweek starting around NZ today
Posted 20-May-2019 09:52

Porirua City Council first to adopt new council software solution Datascape
Posted 15-May-2019 12:00

New survey provides insight into schools' technology challenges and plans
Posted 15-May-2019 09:30

Apple Music now available on Alexa devices in Australia and New Zealand
Posted 15-May-2019 09:11

Make a stand against cyberbullying this Pink Shirt Day
Posted 14-May-2019 20:23

Samsung first TV manufacturer to launch the Apple TV App and Airplay 2
Posted 14-May-2019 20:11

Vodafone New Zealand sold
Posted 14-May-2019 07:25

Kordia boosts cloud performance with locally-hosted Microsoft Azure ExpressRoute
Posted 8-May-2019 10:25

Microsoft Azure ExpressRoute in New Zealand opens up faster, more secure internet for Kiwi businesses
Posted 8-May-2019 09:39

Vocus Communications to deliver Microsoft Azure Cloud Solutions through Azure ExpressRoute
Posted 8-May-2019 09:25

Independent NZ feature film #statusPending to premiere during WLG-X
Posted 6-May-2019 22:13

The ultimate dog photoshoot with Nokia 9 PureView #ForgottenDogsofInstagram
Posted 6-May-2019 09:41


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.