This discussion has been locked.

Bridge Interface setup

Hello,

What would be the best approach to bridge my spare interfaces to the current LAN port?

I have two spare ports and would like to add additional switches on them, but I require them to function and be set up as the current working LAN port.

I have an IP assigned with DHCP on the current LAN port and also a VLAN created for the guest access.

Thanks



  • I think you haven't already gotten an answer from someone because it's not clear what you're trying to accomplish.  The last sentence is especially confusing.  Maybe a simple stick diagram with IPs and VLAN IDs would help...

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello

    See attached network diagram.  We currently have eth3 and eth4 free, and I would like to have the exact same configuration as I have for eth1 with two additional switches.  I need all the devices on the additional switches to be on the subnet range I have created for eth1, including the VLAN 10.

     

  • Assuming your existing config has 2 interfaces (inside and outside), then you need 3 unused interfaces to create a bridge.   Suppose your inside interface is 192.168.*.*

    • If you have any objects that are hard-coded to an interface, now is the time to change them to <any>.   Locked objects are a bad idea anyway.
    • One unused interface will be for your laptop, so that you have connectivity to create the bridge.   Suppose it uses 10.10.10.10
    • Two unused interfaces are needed to create a two-NIC bridge.
    • Once the bridge is created, you simply move addresses to the bridge, and the original inside interface becomes unused.
    • Once the configuration is stable, you don't need the laptop interface any more either, but it might be nice to keep it around for an emergency.

    If you do not have three unused interfaces, you will need to recreate the configuration from a factory load, one item at a time.

    Linking the switches to each other is probably easier.  If the switches are recent vintage, the performance impact of the extra hop should be trivial.

  • Hi,

    Just an update: it seems like I managed to do this without needing an additional spare port.  I managed to change the current eth0 to be an Ethernet bridge and selected the other two to be part of it.

    I did lose connection briefly and thought I would have to factory default and start a fresh install, but it seems to have come up fine and is working as expected.

    Still working through other settings to make sure it's working as expected.

    Thanks

  • This explains how to bring interfaces, but I want to bridge the inside and outside interface to pass all L2 traffic through. Look at the following diagram showing the PC as the Sophos UTM gateway.

  • Hi Joe and welcome to the UTM Community!

    Are you showing us what you did or are you asking for help in configuring that?

    Cheers - Bob

     
  • Hey Bob,

     

    What I am showing you is what I am trying to accomplish. I just wanted the UTM to filter traffic while the inside and outside are on the same local LAN without NATing.

    Thanks!

  • Is your problem with web browsing, Joe?  If so, then set Web Filtering into 'Full Transparent' mode.  Was that it?

    Cheers - Bob

     