Archive for the month: July 2013

Sophos Update to 9.104-14

Sophos update to the 9.1.104 soft release, with one important feature: "Button to reset UTM ID to be able to use Endpoint Protection on cloned machines"

Sophos UTM 9.1: OSPF or Multipath Rules Before IPsec Routes

On the Sophos UTM, IPsec traffic is always given priority. To be able to use OSPF or static routes, version 9.1 offers the following inconspicuous option when creating a tunnel:
Bind tunnel to local interface: By default, the option is unselected and all traffic originating from the selected local networks and going to the defined remote networks will always be sent through this IPsec tunnel. It is not possible to have multiple identical tunnels on different interfaces because the selector would always be the same. However, if enabled, the defined IPsec selector will be bound to the selected local interface. Thus it is possible to either bypass IPsec policies with static routes or define redundant IPsec tunnels over different uplinks and use multipath rules to balance traffic over the available interfaces and their IPsec tunnels. Use cases for this setting are for example:

  • Bypass IPsec policies for local hosts which belong to the remote network through static routes.
  • Balance traffic based on layer 3 and layer 4 with multipath rules over multiple IPsec tunnels or MPLS links with automatic failover.