Sophos UTM - How to define a network interface

  • Article ID: 118899
  • Updated: 06 Mar 2014


Sophos UTM requires network interfaces to be configured, in order to communicate with the networks to which it is connected. A variety of interface types are offered to allow UTM to connect to many types of network. 

This article lists the interface types available, describing where each should be used, and providing links to articles which describe how to create a new network interface of the selected type in Sophos UTM.

Known to apply to the following Sophos product(s) and version(s)


Sophos UTM

Understanding the Available Interface Types

UTM has numerous interface types available, allowing for compatibility with many different network types. It may not always be clear which interface type to choose when setting up a network.

Some interface types may be used when connecting to local, private networks, as well as public internet connections. Ethernet Static, Ethernet DHCP, and Ethernet VLAN connections may be used for direct connections to internal networks, as well as internet connections to providers who deliver a plain Ethernet connection. These three interface types are the most common, and you will probably choose one of these.

The remaining interface types are specialized internet connection types. PPPoE, PPPoA, 3G/UMTS, and Modem (PPP) connections are only useful as internet connections. It should be clear when you need to use these connection types, as the provider connection type or device will clearly dictate if one of these connection types must be used.

The table below outlines each of the interface types available, as of UTM 9.000. Much of the information shown may be valid for older versions, though some options may be different, or unavailable, before version 9. 

General Purpose Interface Types

Type Description
Ethernet Standard
   or
Ethernet Static
This is a typical Ethernet connection, configured with a static IP address and subnet mask. This is the most common interface type. If you're creating a new interface on the UTM to connect to a local network such as a DMZ, this is probably the interface type you will choose.

Use this interface type when you are:

  • Connecting directly to a typical local network, such as a LAN, DMZ, or guest network.
  • Connecting to the internet, if the provider has issued a specific IP address or subnet.

Do NOT use this interface type if:

  • The network you are connecting to is a tagged VLAN.
  • The network you are connecting to requires DHCP.
  • The network you are connecting to requires PPP type authentication. 

For details on creating an Ethernet Static interface, see KB article 118991

Cable Modem (DHCP) 
   or
Ethernet DHCP
This is a standard Ethernet interface that will obtain IP address settings automatically, using DHCP. This interface type is very common for residential or SOHO internet connections.

Use this interface type when you are:

  • Connecting to a standard internet connection, and the ISP has not issued a permanent IP address.
  • Connecting to a network that offers DHCP.
  • The network you are connecting to requires PPP type authentication.

Do NOT use this interface type if:

  • No DHCP server is available on the network you are connecting to.

For details on creating an Ethernet DHCP interface, see KB article 118998

Ethernet VLAN
Ethernet VLAN interfaces are often used on internal, managed networks that are segmented into VLANs. When the UTM needs to connect to more than one VLAN, it may be preferable to pass more than one VLAN to the UTM over a single trunk port. This requires configuration on the switch(es) that the UTM connects to. At the very least, the port the UTM is connected to must be configured as a trunk port, and it must be a TAGGED member of each VLAN that you want the UTM to use.

Use this interface type when you are:
  • Connecting to a tagged VLAN on a switch trunk port. 
  • Connecting UTM directly to more networks than it has physical Ethernet ports, and you also have a managed, VLAN-capable switch to connect with.
Do NOT use this interface type if:
  • You are connecting to an UNTAGGED VLAN switch port.
  • You are not connecting to a tagged VLAN. 

For details on creating an Ethernet VLAN interface, see KB article 118999
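
What "tagged" means on the wire, as an added example that is not part of the original article: this Python sketch checks frames captured on the switch port for an IEEE 802.1Q tag and lists the VLAN IDs that arrive tagged. The sample frames and all function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q VLAN tag

def build_frame(vlan_id=None, priority=0):
    """Build a constructed sample frame; vlan_id=None means untagged."""
    header = b"\xff" * 6 + bytes.fromhex("020000000001")  # dst, src MAC
    if vlan_id is not None:
        header += struct.pack("!HH", TPID_8021Q, (priority << 13) | vlan_id)
    return header + struct.pack("!H", 0x0800) + b"\x00" * 46  # IPv4 type, padding

def classify_frame(frame):
    """Return (tagged, vlan_id, priority) for one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("too short for an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return (False, None, None)
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return (True, tci & 0x0FFF, tci >> 13)

def port_verdict(frames):
    """Summarise a capture: which VLAN IDs arrive tagged on this port."""
    vlan_ids = set()
    for frame in frames:
        tagged, vlan_id, _ = classify_frame(frame)
        # VLAN ID 0 is a priority-only tag and carries no VLAN membership.
        if tagged and vlan_id != 0:
            vlan_ids.add(vlan_id)
    if vlan_ids:
        return "tagged: Ethernet VLAN, tags " + ", ".join(map(str, sorted(vlan_ids)))
    return "untagged: not an Ethernet VLAN interface"

if __name__ == "__main__":
    trunk = [build_frame(10), build_frame(20, priority=5), build_frame()]
    access = [build_frame(), build_frame(0, priority=3)]
    print(port_verdict(trunk))
    print(port_verdict(access))
```
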

Specialized Internet Connection Types

Type Description
DSL (PPPoE)
Some internet connections (typically DSL internet connections) require PPPoE type connections to be used. PPPoE uses the PPP protocol, similar to dialup modems, but over a standard Ethernet connection. ISPs may prefer this type of connection, as it allows them to use username and password authentication to control access to the provider network. This should only be used if required by the provider.

Use this interface type when you are:
  • Connecting to a provider offering PPPoE connections.

Do NOT use this interface type if:

  • You are not trying to connect to the internet.
  • The provider does not use PPPoE.

For details on creating a DSL(PPPoE) interface, see KB article 119003

DSL (PPPoA)
Similar to PPPoE, some ISPs require PPPoA type connections in order to connect to their network. PPPoA connections use the PPTP protocol to establish a layer 2 tunnel from the client (in this case UTM) to the provider modem. Similar to PPPoE connections, access to the network is controlled by username and password validation. This should only be used if required by the ISP.

Use this interface type when you are:
  • Connecting to a provider offering PPPoA connections.

Do NOT use this interface type if:

  • You are not trying to connect to the internet.
  • The provider does not use PPPoA.

For details on creating a DSL(PPPoA) interface, see KB article 119002

3G/UMTS
Supported USB cellular modem devices may be connected to a USB port on the UTM, and used as an internet connection.

Typical Uses:
  • Due to bandwidth costs, 3G/UMTS interfaces are typically used as a backup/standby internet connection.
  • 3G/UMTS connections are frequently used in regions prone to storms, where periodic loss of wired internet connections may be more likely than in most areas. 

For details on creating a 3G/UMTS interface, see KB article 119010

Modem (PPP)
If a dial-up modem is connected to the UTM's serial port, a Modem internet connection may be configured. This interface type only supports serial port connected modems.

Typical Use:
  • Due to the limited speed of dial-up, this is typically only used as a last resort backup internet connection. 

For details on creating a Modem interface, see KB article 119000

Non-Connection Interface Types

Group
Interface groups may be used in a few select areas. For instance, an interface group may be used in Masquerading rules, or to create Multipath balancing rules that apply to more than one interface.

Typical Use:
  • When more than two internet connections are configured, an interface group may be used to balance some traffic only over some of the available internet connections.

If you need more information or guidance, then please contact technical support.
