This article describes what to do when the clients behind the RED should be on the same network as the clients in the LAN behind the Astaro Security Gateway (ASG).
Known to apply to the following Sophos product(s) and version(s)
Operating systems
v7 + v8
What to do
- Configure the RED device in WebAdmin (important: disable the quick setup feature).
- Create a bridge on the ASG with the redsX interface and the internal interface of the ASG (most often "Internal").
- Add a DHCP server on the ASG to provide the IP addresses for the RED and LAN clients.
- Connect the RED.
It is also possible to use a dedicated (existing) DHCP server in the LAN to provide the IPs for the remote clients behind the REDs instead of using the DHCP services integrated into the ASG, in which case step 3 above can be skipped.
You will need to add a special packetfilter rule in the following way:
- Create a new service definition of type "UDP" for the DHCP packets as shown in the picture.
- Create a new network definition of type "network" as shown here.
Important: you must bind this object to the interface of the bridge.
- Create a packetfilter rule as shown here:
- If you want to have logging for these DHCP broadcasts, do not forget to enable logging of broadcast traffic in the advanced section.
- Check whether the rule works. The Packetfilter Live Log should look like this: