Bridge Mode not working

I can't get Sophos XG to work in bridge mode - spent hours now trying various things and following posts on here...but nothing. Anyone got any idea what I'm missing or doing wrong please?

SFOS 17.5.12 MR-12

ESXi 6.7 U3, 4 physical NICs

VM deployed using OVF (tried: 'sf_virtual.ovf', 'sf_virtual_vm8_paravirtual.ovf') plus creating from scratch and importing disks.

UniFi USG <-> WAN vSwitch <-> Sophos XG <-> LAN vSwitch <-> Physical Switch

Both vSwitches have Promiscuous mode enabled.

Tried various VM conifgurations: E1000 & VMXNET3 network adapters, SCSI, Paravirtual...doesn't seem to make any difference.

During setup Sophos gets a DHCP address from the UniFi USG (I've tried DHCP but typically assign static address 192.168.1.2) but once the setup wizard completes and the device restarts I can access Sophos XG from the LAN on the assigned IP, but it cannot access the internet and no other traffic gets through either.

USG (Gateway) is 192.168.1.1

Added Firewall rules for all traffic from LAN to WAN and vice versa, and also a single ANY -> ANY rule.

Disabled DHCP on the guest network.

 

Appreciate you reading this :-)

  • Hi,

    why do you have a wan to lan without any filtering?

    Have you enabled NAT on any firewall rule?

    In logviewer which rule id dropping the traffic.

    Ian

  • You probably need to accept Promiscuous mode and Forged transmits, in vSwitch's port group configuration.

  • In reply to core_memory:

    core_memory

    You probably need to accept Promiscuous mode and Forged transmits, in vSwitch's port group configuration.

     

    This was it! I did not have Forged transmits on; once enabled traffic started flowing through the XG. Thanks heaps!

    Can't believe after so many hours on this that it was so simple...this should be mentioned in the support doco! (Or at least I couldn't find it in anything I found on here or elsewhere)