How to create a 'Unified Host Object' in your Sophos UTM

  • Article ID: 119097
  • Updated: 07 Aug 2014


Under the 'Definitions & Users' menu of the Sophos UTM you can define networks and services that can then be used in all other configuration menus.  Creating a definition lets you work with a 'friendly name' of your own choosing that groups together other network settings.

With the release of Sophos UTM version 9.1 you can create a 'Host' object that incorporates both DHCP and DNS settings.  This new combination of DHCP and DNS configuration into one object is called a 'Unified Host Object'.  All options can be set from the 'Network Definitions' area of the UTM.

Note:

  • DHCP and DNS settings were previously found under the 'Network Services' | DNS / DHCP | 'Static Mappings' tab.
  • It is still possible to set up a new Host object under 'Network Services' | 'DHCP' | '[IPv4/IPv6] Lease Table' tab with the same information as under the 'Definitions & Users' section.

Known to apply to the following Sophos product(s) and version(s)

Sophos UTM

Operating systems
Sophos UTM 9.100 or higher

What To Do

  1. Open the Sophos UTM WebAdmin interface and log in.
  2. Go to 'Definitions & Users' | 'Network Definitions' | 'Network Definitions' tab.
  3. Click the 'New network definition...' button.
  4. When the "New network definition" dialogue box opens, complete as follows:
     Host Configuration Options

       Name: Enter a descriptive name for this definition.

       Type: Select the network definition type 'Host'.

       IPv4 address/IPv6 address: The IP address of the host (note that you cannot enter the IP address of a configured interface).

       Comment (optional): Add a description or other information.

     DHCP Settings (optional): In this section you can create static mappings between hosts and IP addresses. For this purpose, you need a configured DHCP server (see Network Services > DHCP > Servers).

       Note – To avoid an IP address clash between regularly assigned addresses from the DHCP pool and those statically mapped, make sure that the latter are not in the scope of the DHCP pool. For example, a static mapping of 192.168.0.200 could result in two systems receiving the same IP address if the DHCP pool is 192.168.0.100 - 192.168.0.210.

       IPv4 DHCP: Select the IPv4 DHCP server to be used for static mapping.

       MAC addresses: Enter the MAC addresses of the hosts' network interface cards. The MAC addresses are usually specified in a format consisting of six groups of two hexadecimal digits, separated by colons (e.g., 00:04:76:16:EA:62).

       IPv6 DHCP: Select the IPv6 DHCP server to be used for static mapping.

       DHCP Unique IDs: Enter the DUIDs of the hosts. On Windows operating systems, for example, the DUID can be found in the Windows Registry:
         HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters

       Please note that you have to enter the groups of two hexadecimal digits separated by colons (e.g., 00:01:00:01:13:30:65:56:00:50:56:b2:07:51).

     DNS Settings (optional): If you do not want to set up your own DNS server but need static DNS mappings for a few hosts on your network, you can enter these mappings in this section of the respective hosts. Note that this only scales for a limited number of hosts and is by no means intended as a replacement for a fully operable DNS server.

       Hostname: Enter the fully qualified domain name (FQDN) of the host.

       Reverse DNS: Select the checkbox to enable the mapping of the host's IP address to its name. Note that although several names can map to the same IP address, one IP address can only ever map to one name.

       Additional Hostnames: Click the plus icon to add additional hostnames for the host.

     Optionally, make the following advanced settings:

       Interface (optional): You can bind the network definition to a certain interface, so that connections to the definition will only be established via this interface.
  5. Click the 'Save' button.

The new definition appears on the network definition list.
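
Before entering a batch of host definitions, the values can be checked offline against the constraints described in step 4: static mappings outside the DHCP pool, MAC addresses in colon-separated form, colon-separated DUIDs, and one reverse DNS name per IP address. The following Python script is an added example, not Sophos code; the function names, the dictionary layout and the sample hosts are hypothetical and constructed for illustration.

```python
import ipaddress
import re

# Six groups of two hex digits separated by colons, as the article requires.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")

def normalize_duid(raw):
    """Convert a DUID given as plain hex (or with '-', ':' or spaces) to colon-separated byte pairs."""
    digits = re.sub(r"[\s:\-]", "", raw)
    if not digits or len(digits) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", digits):
        raise ValueError(f"not a whole number of hex bytes: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, len(digits), 2)).lower()

def in_pool(ip, pool_start, pool_end):
    """True if ip lies inside the inclusive DHCP pool range (same IP version only)."""
    addr = ipaddress.ip_address(ip)
    start, end = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    return addr.version == start.version == end.version and start <= addr <= end

def check_hosts(hosts, pool_start, pool_end):
    """Return (host name, problem) tuples for a list of planned host definitions."""
    problems = []
    reverse_owner = {}  # IP address -> first host that enabled Reverse DNS for it
    for h in hosts:
        if in_pool(h["ip"], pool_start, pool_end):
            problems.append((h["name"], "static mapping inside DHCP pool"))
        for mac in h.get("macs", []):
            if not MAC_RE.match(mac):
                problems.append((h["name"], f"bad MAC format: {mac}"))
        if h.get("reverse_dns"):
            ip = ipaddress.ip_address(h["ip"])
            if ip in reverse_owner:
                problems.append((h["name"], f"reverse DNS for {ip} already used by {reverse_owner[ip]}"))
            else:
                reverse_owner[ip] = h["name"]
    return problems

# Constructed sample data; the pool range is the one from the article's note.
PLANNED = [
    {"name": "printer", "ip": "192.168.0.200", "macs": ["00:04:76:16:EA:62"], "reverse_dns": True},
    {"name": "nas", "ip": "192.168.0.20", "macs": ["00-04-76-16-EA-63"], "reverse_dns": True},
    {"name": "nas-alias", "ip": "192.168.0.20", "macs": [], "reverse_dns": True},
]

if __name__ == "__main__":
    for name, problem in check_hosts(PLANNED, "192.168.0.100", "192.168.0.210"):
        print(f"{name}: {problem}")
    print(normalize_duid("0001000113306556005056b20751"))
```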

 
If you need more information or guidance, then please contact technical support.
