On 02/22/2014 04:34 PM, Joschka Blohm wrote:
> Hi dear list,
> I'm going to install a Sophos UTM. It has an integrated firewall, but I
> do not want to throw the m0n0wall out of the rack.
> The UTM's main purpose is scanning the traffic for viruses and trojans
> and managing the local installations of Sophos Endpoint Protection. I
> don't really need its firewall capabilities.
> Is there a possibility to design the network with some sort of
> redundancy? The m0n0wall box works without moving parts (Alix with CF
> card) so I think the UTM box will die before the m0n0wall box in the
> worst case. I hope both of them won't but if it is the case that the UTM
> has some sort of error I'd like to pop over a cable from the m0n0wall
> box to the switch to bridge the connection and can work with a system
> which has a firewall at least.
> Does someone have a similar scenario and can share some insights?
> As always any help is appreciated. :)
If you have extra IP addresses, run them in parallel. Turn off DHCP on
the m0n0wall, and give it "one up" IP addresses from the Sophos. Then
set the default gateway in a system with a static IP to the m0n0wall
instead of the Sophos, and it will bypass the Sophos completely. (But
still behave normally to everything on the LAN.) If the Sophos dies,
just turn on DHCP and things come back. (This can also cut down on
required Sophos licenses...