Bridge Mode deployment not working

Hi All.

I have set up a Sophos Home OS in a virtual environment and I have no problems with it when it is set to Gateway mode. The problem I have is that I need it to work in Bridge Mode. Let's consider Port A=WAN and Port B=LAN, the interfaces I have set for bridge mode. I have a router with, for the sake of example, IP address 192.168.60.1 that serves as the gateway for internet use.

I plugged Port A into the router, and I plugged Port B into a switch where the PC is connected. I set Sophos to Bridge Mode and set an IP of 192.168.60.5 for Sophos. And, of course, the gateway IP is the router, which is 192.168.60.1. I created an initial policy LAN to WAN with a web filter that disallows video streaming and common adult sites.

Now, my problem is that upon connecting a PC to the switch (same subnet as the router, and an unmanaged switch for this) and monitoring the dashboard of Sophos admin, or even the traffic, there is no traffic passing through it. I can still access streaming sites and adult sites even though I already set it to block them. Did I plug something in wrong?

**By the way, I already read the transparent mode of UTM and the KB for bridge deployment as well several times.



  • Deejay,

    on your ESX did you create 2 vSwitches (one for WAN and one for LAN) where promiscuous mode is active?

    Then create the bridge and everything should work as expected.

  • Hi ilferra,

    I'm using Windows Server 2012 R2 and enabled its virtual machine role, where I house Sophos Home. I have one NIC for LAN, and another for WAN. I have no problems setting it to Gateway mode, but I can't make it work in Bridged mode.

    In bridge mode, I should set the gateway of the client as the IP address of the router gateway, right?

  • Deejay,

    I do not have a lot of experience with Hyper-V. Anyway, you should use 2 different physical cards, create 2 virtual switches and create 2 virtual NICs where mirroring mode is enabled.

    Have a look at this link:

    http://blog.ittoby.com/2013/08/hyper-v-port-mirroring-and-network.html

    If you are able to configure it, share your configuration here.

    Thanks.

  • lferrara,

    Thanks for the tip. I'll try to enable the mirroring mode since that's the only thing I haven't done yet. I'll get back if I discover something helpful for others to see as well.

    Thanks!

  • This is just for the sake of everyone following this. I failed to implement it via Hyper-V. Thus, I resorted to using the VMware ESXi Hypervisor. The steps are easy to follow and bridge mode deployment of Sophos XG works fine:

    1. Download Sophos XG for VMware

    2. Download and install the VMware ESXi Hypervisor (there is a free license with limited features but enough for a home deployment)

    3. Import the Sophos XG to VMware

    Now, make sure of the following requirements before you turn on the Sophos VM and set it up in bridge deployment:

    1. Physical Port1 in vSwitch0 of the Sophos VM for LAN (vSwitch0 is inherent when you import the Sophos XG for VMware)

    2. Physical Port2 in vSwitch1 of the Sophos VM for WAN (you need to create vSwitch1 under the networking menu in the ESXi client)

    3. Promiscuous mode of vSwitch0 and vSwitch1 should be allowed.

    I already abandoned searching and testing out deploying Sophos XG in Hyper-V in bridge mode as I really can't get it to work and it's consuming my time.