We'd love to hear about it! Click here to go to the product suggestion community
Having some trouble setting up VLANS behind RED 50 Devices that are setup in standard/split mode.
Basically we have a PBX on vlan 100 at site 2 that's SIP traffic needs to go out via the WAN of site 2. There are IP handsets at site 3 that are on vlan 100 that need to hit the PBX at site 2. Is there any way to get this to to work without having to change the config to be standard/unified.
Below is the current configs.
Sophos XGSFV1C2 - Site 3
Port A - 10.1.1.254/24 - Zone LAN1
Port B - 184.108.40.206 - Zone WAN
RED 50 Site 1
reds1 - 10.2.2.254/24
Zone - LAN (Standard/Split with Spilt networks assigned for 10.1.1.0/24, 10.3.3.0/24, 10.2.200.0/24, 10.3.200/24)
Switch Mode - vlan -
Lan 1 Tagged (Trunk Port)
LAN VIDs - 100
reds1.100 - 10.2.200.254/24
Zone - LAN
RED 50 Site 2
reds2 - 10.3.3.254/24
Zone - Lan (Standard/Split with Spilt networks assigned for 10.1.1.0/24, 10.2.2.0/24, 10.3.200.0/24, 10.2.200.0/24)
reds2.100 - 10.3.200.254/24
LAN -> WAN
LAN1 -> WAN
LAN -> LAN1
LAN1 -> LAN
Off of LAN port 1 at each of the Red Sites is a switch which has its port with vlan 100 tagged and native vlan 1
Currently with this setup, when the RED receives the config, the data vlan 1 network is unable to ping out to the internet or to any other sites
If we change the Switch mode from vlan to switch, data over vlan 1 returns to normal.
Hi Adam Kangas
Standard / Split mode is physically similar to Standard / Unified. We expect that the remote network may be managed by the Sophos XG Firewall, and can provide DHCP to the remote LAN. The RED is likely the only device between the LAN and the internet, only traffic for selected networks is sent through the tunnel. All other traffic is sent directly out of the local internet connection. The RED masquerades outbound traffic to come from its public IP address. This feature minimizes bandwidth usage over the tunnel and lightens the bandwidth requirements on the Sophos XG Firewall, but it also reduces the manageability of the remote network substantially. Traffic to or from the internet cannot be filtered or protected from threats. Security can only be applied between the remote and local LANs.
If the RED loses contact with the Sophos XG Firewall, and the tunnel fails, the RED stops routing traffic. Remote LAN users lose access to the internet and the Sophos XG Firewall’s internal networks until the tunnel can reconnect.
Please refer to the article for more information- https://community.sophos.com/kb/en-us/126454