 From:  Lee Sharp <leesharp at hal dash pc dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Double firewall
 Date:  Sat, 22 Feb 2014 18:06:14 -0600
On 02/22/2014 04:34 PM, Joschka Blohm wrote:
> Hi dear list,
> I'm going to install a Sophos UTM. It has an integrated firewall, but I
> do not want to throw the m0n0wall out of the rack.
> The UTM's main purpose is scanning the traffic for viruses and trojans
> and managing the local installations of Sophos Endpoint Protection. I
> don't really need its firewall capabilities.
> Is there a possibility to design the network with some sort of
> redundancy? The m0n0wall box works without moving parts (Alix with CF
> card) so I think the UTM box will die before the m0n0wall box in the
> worst case. I hope both of them won't but if it is the case that the UTM
> has some sort of error I'd like to pop over a cable from the m0n0wall
> box to the switch to bridge the connection and can work with a system
> which has a firewall at least.
> Does someone have a similar scenario and can share some insights?
> As always any help is appreciated. :)

If you have extra IP addresses, run them in parallel.  Turn off DHCP on 
the m0n0wall, and give it "one up" IP addresses from the Sophos.  Then 
set the default gateway in a system with a static IP to the m0n0wall 
instead of the Sophos, and it will bypass the Sophos completely.  (But 
still behave normally to everything on the LAN.)  If the Sophos dies, 
just turn on DHCP and things come back.  (This can also cut down on 
required Sophos licenses...)