Firewall behind Peplink / How to config to see LAN clients

I have a question about the correct configuration of the Peplink in front of another router/firewall. Searched the forum but didn’t find something matching.
I am running a Sophos UTM router/firewall behind my Peplink Balance 310X.

My setup looks like this:

Multiple LANs------Sophos UTM Firewall--------Peplink (NAT)-------2 ISPs

Requirements:
A) Want to set up outbound rules for dedicated LAN clients to use a dedicated ISP.
B) Some LAN clients need to be reachable from the internet.

Questions:

  1. As I have to set up outbound rules for requirement A and inbound rules (Servers & Services) for requirement B, I need the Peplink to see the LAN clients itself. Is the only way to make the LAN clients visible to the Peplink to deactivate the NAT on my Sophos firewall?

  2. What is the right setting for the Peplink firewall when using a firewall without NAT behind the Peplink? “Block all” and add manual rules same as the inbound rules, or are these automatically allowed?

Regards
Mladen

That would be the cleanest way, yes. Otherwise you’d need to NAT traffic to whatever IP the Sophos has that faces the Peplink and then NAT again on the Sophos.

It’s a stateful firewall, so the usual rules and config apply.

Be aware the default / implicit rule on the Peplink is “permit any any” so change that to deny on inbound and then permit explicitly what you want through.

Rules are not automatically created by adding an inbound port forwarding rule on the Peplink.

Thx Will