Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 9 replies
  • Subscribers 42 subscribers
  • Views 53035 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Bridge mode limitations

scaledem

Hi guys,

What are the limitations for the bridge mode? I heard that the site to site vpn was not possible, what else? Red? VPN Ssl?

Thank in advance



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to scaledem

    Hi Scale Dem,

    As Luk mentioned bridge mode does not support VPN Termination (covers site2site/remote/RED), Multiple WAN Links.

    The best way to think of it is that in bridge mode the XG appliance is not acting as a router/traditional firewall because it is sitting in line of the traffic flow (it only get a single IP address in the network for management purposes such as GUI and Identity), this means it is not terminating connections in the traditional sense (which prevents us from providing the above functionality).

    If your requirement is to provide this functionality you could deploy the XG Appliance in Gateway Mode, replacing your existing firewall/router. Additionally you could enable mixed mode by creating a bridge segment for a part of the network it might not see as the network gateway.

    Information on how to setup bridge mode can be found @ https://community.sophos.com/kb/en-US/122973

    Hope this helps clarify the setup for you

    Leon Friend

    Sophos Sales Engineer

    Sophos XG Firewall - Certified Architect, Sophos Certified Engineer, Cyberoam CCNSE, Cyberoam CCNSP

  • 0 in reply to Leon.Friend

    Leon,

    not all the time is possible to deploy UTM/XG in routing mode and replace the existing firewall. HA in bridge mode, if I remember correctly, is supported on UTM. Also some other VPN features are supported. Can you confim that?

    Thanks.

  • 0 in reply to Leon.Friend

    Hi Leon,

    is there any other functionality that Sophos XG in pure bridge mode does not have, comparing with gateway mode, apart of router functionality? Like Web/App control, ATP, Security Heartbeat?

    Thanks in advance.

    Regards,

    Jose 

  • 0 in reply to JoseCasanova

    Hi Jose,

    Web Protections such as Web Filtering and Application Control is supported, likewise Network Protections such as IPS/ATP and security heartbeat are supported.

    Hope this helps

    Leon Friend

    Sophos Sales Engineer

    Sophos XG Firewall - Certified Architect, Sophos Certified Engineer, Cyberoam CCNSE, Cyberoam CCNSP

  • 0 in reply to Leon.Friend

    Hi,

    Can you clarify the following point :

    Is it possible to do HA with bridge ?

    Is it possible to filter https with bridge ?

  • +1 in reply to scaledem

    scaledem said:

    Hi,

    Can you clarify the following point :

    Is it possible to do HA with bridge ?

    Is it possible to filter https with bridge ?

    Yes, the policy engine still functions as such you can perform HTTPS Decryption, Web Filtering, Application Filtering, Traffic Shaping, Malware Scanning, Identity Integration and implement the Firewall/Policy Rules.

    HA is supported in Mixed mode / Gateway Mode.

    More information can be found in the knowledge base at 

    - How to Configure Bridge in Sophos Firewall: https://community.sophos.com/kb/en-us/123098

    - Deploy Sophos Firewall in Bridge Mode: https://community.sophos.com/kb/en-US/122973 

    Leon Friend

    Sophos Sales Engineer

    Sophos XG Firewall - Certified Architect, Sophos Certified Engineer, Cyberoam CCNSE, Cyberoam CCNSP

Unfiltered HTML