This article describes how to configure an Ethernet Standard or Ethernet Static interface on Sophos UTM 9.000 and above.
This is a typical Ethernet connection, configured with a static IP address, subnet mask, and optionally, a default gateway. This interface type is most commonly used.
Use this interface type when you are:
- Connecting directly to a typical local network, such as a LAN, DMZ, or guest network
- Connecting to the internet, if the provider has issued a specific IP address or subnet.
Do NOT use this interface type if:
- The network you are connecting to is a tagged VLAN
- The network you are connecting to requires PPP type authentication
This article focuses on a single interface type. To learn more about other interface types, please view article #118899
Known to apply to the following Sophos product(s) and version(s)
What To Do
Interfaces may be added and edited in the WebAdmin interface under: Interfaces & Routing | Interfaces | Interfaces.
- Click the New Interface button to add a new interface.
- In the Type field, select: Ethernet Static (Ethernet Standard in older firmware versions)
- The following image and table outline the options available, and how to fill them out:
Name: This is the name that will be shown throughout the UTM configuration, wherever this interface is referenced. Names that indicate, or are specific to, purpose, are often the most useful. For example names like: Internal, DMZ, Guest, External. or External-XO, External-ATT, are purpose specific names that make it clear to someone who didn't create the object, what purpose it serves.
Hardware: Unused Ethernet ports will be shown here. If none are listed, then all interfaces are presently configured. UTM appliances configure eth3 by default, for HA/Clustering. If HA is not needed, and HA is not disabled, eth3 may be made available on UTM appliances, by disabling HA under Management | High Availability | Configuration.
IPv4 Address: This is the IPv4 address that you wish to assign to the UTM on the selected port
Netmask: This is the subnet of the IPv4 address assigned above. Internal subnets are quite commonly set to /24. If the IP address is assigned by the ISP, then the subnet mask given by the ISP must also be used.
IPv4 Default GW: If the interface is a connection to the internet, then a default gateway IP may be set by enabling this option. If this is not an internet connection, then this option does not normally need to be enabled.
Default GW IP: This field is only available if the checkbox above is enabled. The default gateway IP is the address of the next hop in the IP's subnet, that is able to send traffic to the internet. This should be provided by the ISP or network administrator.
Comment:(Optional) This is a free text field, where brief comments may be recorded
MTU: The default value of 1500 is the standard value for internet traffic. It may be apropriate to change this when connecting to internal networks using jubmo frames, or to ISPs that require smaller MTU values.
Proxy Arp: This should normally be left disabled, though it may be used in special circumstances, to allow hosts on one network to resolve the MAC address of machines on another network.
Displayed max: (Optional) The displayed max value is a numeric field that is used for display purposes only. Entering the correct value in this field to match the available bandwidth provided on this link, allows the UTM to show accurate percentage graphs for each interface on dashboard. This has no impact on network behavior, as it is only used for display purposes.
This interface type was renamed from Ethernet Standard, to Ethernet Static, in Sophos UTM firmware version 9.100