I have my production network running through a UTM120; all clients have the gateway address of the UTM120 (10.0.0.1). I'm trying to add a router that connects the production network to a non-trusted LAN and implement port forwarding to an FTP server on the production network. I gave the second router an internal address of 10.0.0.8 and a WAN address of 192.168.50.1. From the untrusted side, I was not able to access the FTP site until I changed the FTP server's default gateway to 10.0.0.8. It worked fine; however, it disabled the internet on the server, as there is no path out through that gateway. I then changed the gateway back to 10.0.0.1 and started looking at static/policy routing on the Sophos device. Is it possible to route specific traffic back to the 10.0.0.8 gateway to allow the FTP session to work? Policy routing based on a port number (I don't want to use a standard anyway) sounds like a perfect solution; however, I'm unable to get this to work. I've tried every possible static route and policy route I can imagine. This is what I have in a policy route currently:
Policy Route
Route Type: Gateway route
Source: Internal
Source Network: 10.0.0.0/8
Service: FTP
Destination Network: ANY
Gateway: 10.0.0.8
Any suggestions on how to get this to work or different solutions? Thank you.