MAX BR1 Passthrough


We have a Pepwave MAX BR1 above our Sophos UTM SG210. This works great, it allows the client to fail over to cellular when their cable goes down etc. However, I am unable to make the device pass through ALL incoming traffic to the UTM. I’ve had to create Port Forwarding rules to send it to the WAN IP of the UTM and I know this isn’t the right way to do it (unless we didn’t want pass-through).

So my question is, how do I need to go about setting up the BR1, which is above the UTM so that all traffic is automatically forwarded to the UTM and we can handle all of the firewall rules on the UTM itself and not worry about opening ports or forwarding ports on the BR1.

I hope that makes sense.

Are you talking about passing through the cellular IP address or the Ethernet WAN IP address? Can you confirm it is static? Thanks.

Hi Sorry for the confusion,

We have our ISP connected to the BR1’s WAN. We want all WAN traffic (and in fact Cellular if/when it fails over) passed through to eth1 (or eth0 - I forget how they’re labeled) where we have the WAN port of our Sophos UTM plugged in. Yes - the WAN IP is static. The current topology is this:

ISP with Static IP
BR1 with WAN (Configured with above Static IP) and Cellular. Internal IP address is
Sophos UTM with WAN set to Static IP of using the BR1’s IP as the ‘WAN’ address / default gateway.

What we’d like is any external traffic that hits the BR1 to be sent straight to as if there was nothing ‘in-between’ where we can leverage all the FW rules etc. we have established already. In essence, make the UTM think that traffic is coming from the internet, not another device above it.

I hope that helps, please let me know if you need any more info and I’ll be happy to provide whatever you need.

I had wondered about adding a static route of / with gateway of (Sophos UTM). Would that work? My only concern is then loosing the ability to maybe manage the BR1 from InControl2.

Look like you are looking for bridge mode on WAN and Cellular of BR1. We support the similar feature (IP Passthrough) on Cellular of BR1 only. Please find the screenshot below. Please ensure you are getting public IP from the cellular ISP

1 Like