Thursday, September 10, 2020

Is there any reason to lock down a LAN-to-LAN Any rule, or can you?

Hi, recently we set up a second office and are using a Sophos RED60 to connect to our main site, which runs a Sophos XG450. It's a super basic setup since the RED device acts as a VPN passthrough and all settings are on the Sophos. We're still getting equipment set up, but I noticed VoIP calls didn't seem to work when dialing internal, and I also cannot ping that subnet.

A policy test revealed packets dropped due to no rule. I created a LAN-to-LAN Any/Any rule and everything now works. I went through some documentation and it seems like that's what Sophos recommends as well.

My question to you experts is: should I put anything else in place to help lock that down? I've done some research but I can't find a discussion on this.

My fear is it's a security risk somehow, but only because I know "any to any" rules are typically terrible. This is LAN to LAN, so I'm not sure.

We have Juniper switches with a few VLANs, so you would think all internal traffic is handled and dropped by those as needed. The firewall is only needed because packets to my RED device must pass through the Sophos. I'm guessing it needs that LAN rule to work in that direction.

Sorry for the long-winded post; any insight is greatly appreciated!
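The post's question is what a LAN-to-LAN Any/Any rule actually exposes once branch traffic must traverse the firewall. The following is an added example, not code from the original post and not a Sophos XG configuration: a small first-match rule evaluator that runs the same sample packets through the Any/Any rule the poster created and through a scoped rule set that only permits the VoIP (SIP/RTP to the PBX) and ICMP traffic the poster needed, followed by an explicit drop. All subnets, hosts, ports and packets are constructed and hypothetical; the point it shows is that the scoped set still passes the calls and pings while a branch host reaching, say, SMB on a head-office server is dropped instead of silently allowed.

```python
"""
Toy first-match firewall policy evaluator (added example, constructed data).
Compares a LAN-to-LAN Any/Any rule with a scoped branch-to-head-office rule set.
Nothing here talks to a Sophos XG; it only models what each rule set permits.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

# Hypothetical addressing: head-office VLAN, RED60 branch subnet, internal PBX.
MAIN_LAN: IPv4Network = ip_network("10.0.10.0/24")
RED_LAN: IPv4Network = ip_network("10.0.50.0/24")
PBX: IPv4Network = ip_network("10.0.10.5/32")
ANY_PORT = range(0, 65536)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp"
    dport: int = 0  # ignored for icmp


@dataclass(frozen=True)
class Rule:
    name: str
    src: IPv4Network
    dst: IPv4Network
    proto: str      # "any", "tcp", "udp" or "icmp"
    ports: range    # ANY_PORT means any destination port
    action: str     # "allow" or "drop"

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in self.src
                and ip_address(p.dst) in self.dst
                and self.proto in ("any", p.proto)
                and (p.proto == "icmp" or p.dport in self.ports))


def evaluate(rules: list[Rule], p: Packet) -> tuple[str, str]:
    """Return (action, rule name) of the first matching rule; unmatched
    traffic is dropped, which is what the poster's policy test reported."""
    for r in rules:
        if r.matches(p):
            return r.action, r.name
    return "drop", "implicit-deny"


# Rule set A: the LAN-to-LAN Any/Any rule described in the post.
ANY_ANY = [
    Rule("lan-to-lan-any", ip_network("10.0.0.0/8"), ip_network("10.0.0.0/8"),
         "any", ANY_PORT, "allow"),
]

# Rule set B: only what the branch actually needs, then an explicit drop.
# SIP signalling on 5060/5061 and an assumed RTP media range of 10000-20000.
SCOPED = [
    Rule("branch-sip-to-pbx", RED_LAN, PBX, "udp", range(5060, 5062), "allow"),
    Rule("branch-rtp-to-pbx", RED_LAN, PBX, "udp", range(10000, 20001), "allow"),
    Rule("pbx-to-branch-udp", PBX, RED_LAN, "udp", ANY_PORT, "allow"),
    Rule("main-to-branch-icmp", MAIN_LAN, RED_LAN, "icmp", ANY_PORT, "allow"),
    Rule("branch-to-main-icmp", RED_LAN, MAIN_LAN, "icmp", ANY_PORT, "allow"),
    Rule("branch-to-main-drop", RED_LAN, MAIN_LAN, "any", ANY_PORT, "drop"),
]

# Constructed sample traffic: two flows the poster needs, two they probably do not.
SAMPLE = {
    "sip-register": Packet("10.0.50.20", "10.0.10.5", "udp", 5060),
    "ping-branch-to-main": Packet("10.0.50.20", "10.0.10.1", "icmp"),
    "smb-branch-to-fileserver": Packet("10.0.50.20", "10.0.10.8", "tcp", 445),
    "rdp-main-to-branch": Packet("10.0.10.30", "10.0.50.20", "tcp", 3389),
}


def compare(p: Packet) -> dict[str, str]:
    """Decision of each rule set for one packet, keyed by rule-set name."""
    return {"any_any": evaluate(ANY_ANY, p)[0], "scoped": evaluate(SCOPED, p)[0]}


if __name__ == "__main__":
    for label, pkt in SAMPLE.items():
        d = compare(pkt)
        print(f"{label:28s} any/any={d['any_any']:5s} scoped={d['scoped']}")
```

The evaluator is first-match, so the order in `SCOPED` matters: the specific allows sit above the catch-all drop, and anything the rule set does not name (the head-office-to-branch RDP packet) falls to the implicit deny, which is the same outcome the poster's policy test showed before any rule existed. Translating this to the real firewall means replacing the single Any/Any rule with rules whose source network, destination network and service are narrowed to the PBX and the protocols in use, and adding return-direction rules only where the firewall does not already handle the reply traffic.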


