Sophos UTM 9.1 available!

You can download the update from 9.006005 to 9.100008 here: ftp.astaro.de

Up2Date-Informations

News

Major Features
- Endpoint: Web Protection for UTM Endpoint
- Network/RED/Wifi: Support for MAC Address Filtering
- RED: Offline Provisioning
- VPN: SSL VPN Support for iOS and Android
- Wifi: Wireless Repeating and Bridging for AP50

Other Features
- WebAdmin: Replace “Traffic Lights” with Toggle-Switch Design
- WebAdmin: …

Site2Site VPN Tunnel with ClientVPN @ Cisco IOS

Good morning everyone! I want to describe several VPN configurations on a Cisco router, an ASA firewall and a Sophos UTM. I will start with Cisco IOS on a Cisco router. In this example you will learn to configure a site2site VPN tunnel alongside client VPN access. First we will configure the basic IPsec VPN settings. …

The problems with asymmetric routing

Happy Saturday to all of you! I have been thinking about the topic of asymmetric routing. When I perform network audits for new customers, I often see multiple gateways in a single subnet (for example for site2site VPNs). The customers tell me about weird problems with communication between those subnets. To better understand the wrong topology …

Using a VDSL line with Sophos UTM

In this example I will show you how to use a Deutsche Telekom VDSL line on a Sophos UTM. It works with home and business lines. To use PPPoE for VDSL, the network traffic needs to be tagged with VLAN tag 7 in the Deutsche Telekom infrastructure. We will use the ALLNET ALL126AS2 as the external modem. …

Finally my own Sophos UTM

I finally got my own hardware for the Sophos UTM Home license. Thanks to my colleagues at work for finding that perfectly fitting hardware. I would prefer a passively cooled mainboard with at least two Ethernet NICs (internal LAN and internet uplink). You can use any ITX case, but it could be that the power …

Configuring a fallback for default-route on a Cisco router

This was a wish from one of my customers, and I invested a lot of time trying to connect the site2site VPN on both WAN uplinks with EIGRP metrics and so on… but there is another simple way to configure an automatic default-route fallback which solves all our problems in case the primary WAN links …

Export logfiles before new Installation of Sophos UTM v9

Because Sophos still has no update for going from version 8.306 to v9 within a UTM cluster, I need to reinstall one of the cluster nodes at my customers and restore the license file and configuration. In this procedure you lose all the log files on the device, so you need to copy …

Enabling passive FTP through Cisco ASA

As I explained for 1:1 NAT (with an example for PPTP passthrough) in this post, you can also add more PAT entries based on your access-list. I noticed a problem at one customer: FTP needs an inspection firewall entry. The customer runs a passive FTP server on TCP port 3002, which I forwarded to inside: object …