Important: Adding routes is an advanced option and should only be used if you have a thorough understanding of both routing and your network topology. Adding routes incorrectly can make the administrative user interface inaccessible and can prevent web browsing. Please contact Sophos Technical Support if you would like to use this feature.
The Web Appliance allows you to direct traffic to different segments of your network by configuring its Additional Routes table. You might want to do this in one of the following situations:
- You need to protect computers that are on a different sub-net of your internal network than the sub-net that your Web Appliance is on.
- Your network is set up with two gateways to access internal and external web servers, but only one of them is accessible via the default gateway.
An example of the use of the Additional Routes feature is depicted in the following diagram.
- Normal users' HTTP, HTTPS and FTP requests are passed to the Web Appliance , through the default gateway , and on to the internet and back again, as is usual in the explicit mode network deployment.
- By configuring the Web Appliance's Additional Routes table on the page and clicking Advanced settings, requests to specific IP ranges can be redirected appropriately. Additional Routes entries consist of an identifying name, the IP address of the gateway through which the requests are to be routed, and the IP range of the requests that are to be re-routed. For example:
- Adding an additional routes entry to redirect requests to one of your organization's sub-nets would involve specifying the IP address of the internal gateway through which the requests would be routed, specifying the IP range corresponding to the sub-net, and giving the entry a meaningful identifying name.
- Adding a routes entry to redirect requests to one of your organization's internal servers outside of the sub-net of the Web Appliance would involve specifying the IP address of the internal gateway through which the requests would be routed, specifying the IP range corresponding to the internal servers, and giving the entry a meaningful identifying name.
- Requests to the IP ranges specified in the Additional Routes table entries would be rerouted as specified, and they would be processed with the same malware scanning and policy settings configured for normally routed requests.