[ previous ] [ next ] [ threads ]
 From:  Joschka Blohm <admin at zpt dash muenster dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Double firewall
 Date:  Sun, 23 Feb 2014 22:19:36 +0100
Thanks Lee for your reply. :)

I just understood half of it maybe because I'm a non-native speaker, but 
I can guess what your point is.

Am 23.02.2014 01:06, schrieb Lee Sharp:
> On 02/22/2014 04:34 PM, Joschka Blohm wrote:
>> Hi dear list,
>> I'm going to install a Sophos UTM. It has an integrated firewall, but I
>> do not want to throw the m0n0wall out of the rack.
>> The UTM's main purpose is scanning the traffic for viruses and trojans
>> and managing the local installations of Sophos Endpoint Protection. I
>> don't really need its firewall capabilities.
>> Is there a possibility to design the network with some sort of
>> redundancy? The m0n0wall box works without moving parts (Alix with CF
>> card) so I think the UTM box will die before the m0n0wall box in the
>> worst case. I hope both of them won't but if it is the case that the UTM
>> has some sort of error I'd like to pop over a cable from the m0n0wall
>> box to the switch to bridge the connection and can work with system
>> which has a firewall at least.
>> Does someone has a similar scenario and can share some insights?
>> As always any help is appreciated. :)
> If you have extra IP addresses, run them in parallel.  Turn off DHCP on
> the m0n0wall, and give it "one up" IP addresses from the Sophos.  Then
> set the default gateway in a system with a static IP to the m0n0wall
> instead of the sophos, and it will bypass the sophos completely.  (But
> still behave normally to everything on the LAN.)  If the Sophos dies,
> just turn on DHCP and things come back.  (This can also cut donw  on
> required Sohpos licenses...
>              Lee
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch

Diese E-Mail und eventuelle Anlagen können vertrauliche und/oder 
rechtlich geschützte Informationen enthalten. Wenn Sie nicht der 
richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, 
informieren Sie bitte sofort den Absender und vernichten Sie diese 
E-Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser 
E-Mail sind nicht gestattet.

This e-mail and any attachments may contain confidential and/or 
privileged information. If you are not the intended recipient (or have 
received this e-mail in error) please notify the sender immediately and 
destroy this e-mail. Any unauthorized copying, disclosure or 
distribution of the material in this e-mail is strictly forbidden.