A gateway requires at least two network interface cards to connect an internal LAN to an external one (e.g., the Internet) in a secure fashion. In the following examples, the network card eth0 is always the interface connected to the internal network. Network card eth1 is the interface connected to the external network (for example, to the Internet). These interfaces are also called the trusted and untrusted interfaces, respectively.

Network cards are automatically recognized during the installation. With the Software Appliance, if new network cards are added later, a new installation will be necessary. To reinstall the system, simply make a backup of your configuration, install the software, and restore your backup.

The gateway must be the only point of contact between internal and external networks. All data must pass through Sophos UTM on AWS. We strongly recommend against connecting both internal and external interfaces to one hub or switch, except if the switch is configured as a VLAN switch. There might be wrong ARP resolutions (Address Resolution Protocol), also known as "ARP clash", which cannot be administered by all operating systems (for example, such as those from Microsoft). Therefore, one physical network segment has to be used for each gateway network interface.

The Interfaces menu allows you to configure and manage all network cards installed on Sophos UTM on AWS and also all interfaces with the external network (Internet) and interfaces to the internal networks (LAN, DMZ).

Note – While planning your network topology and configuring Sophos UTM on AWS, take care to note which interface is connected to which network. In most configurations, the network interface with SysID eth1 is chosen as the connection to the external network. In order to install the high availability (HA) failover, the selected network cards on both systems must have the same SysID. Installing the HA failover is described in more detail on page Management > High Availability.

The following sections explain how to manage and configure different interface types on the tabs Interfaces, Additional Addresses, Link Aggregation, Uplink Balancing, Multipath Rules, and Hardware.