How to remove Bridge without disruption?

New to XG Firewall, and trying to resolve an issue.

Another Tech set up this XG135 Firewall, and configured a Bridge Interface for ports 1 and 3-8. Routing is enabled on the Bridge.

We are seeing issues with LAN to LAN communication. The Firewall is blocking access to other LAN devices.

We want to allow all LAN to LAN traffic without filtering.

There is one cable connected to the Switch, on XG port 2.

How can we remove the Bridge, and just have a LAN Interface on Port 2?  Can we re-configure it without disruption to users?

Thanks!

  • Can we just uncheck "Enable routing on this bridge pair" to disable LAN-to-LAN filtering?  Will that cause disruption?

  • In reply to Eric Swisher:

    Hi  

    Unfortunately the removal of the bridge will result in network disruption to your clients. Prior to performing this, ensure that you still have access to the device via the WAN port or via Console access. May I ask if you are still experiencing this LAN-to-LAN communication issue after creating a LAN to LAN allow firewall rule?

    Regards,

    FloSupport | Community Support Engineer

  • In reply to FloSupport:

    FloSupport wrote: "May I ask if you are still experiencing this LAN-to-LAN communication issue after creating a LAN to LAN allow firewall rule?"

    According to the Client, yes. 

    Created a Firewall rule for Source Zone LAN, Source Network Any, Destination Zone LAN, Destination Network Any, Services Any, Uncheck Match Known Users, No Malware Scanning, Everything else None.

  • In reply to Eric Swisher:

    Hi  

    Based on your description, that firewall rule should allow access for this traffic. What are you able to observe on the Packet Capture tool available on the GUI? Does it describe any traffic violations?

    Regards,

    FloSupport | Community Support Engineer

  • In reply to FloSupport:

    We removed the Bridge and set Port1 as the LAN.

    Client is still reporting an ActiveX Control installation via browser to their internal Phone Server (192.168.14.x IP) is being blocked by Sophos Web Protection, as a restricted file type.

    At this point we do not want any kind of filtering on LAN devices.

    We already have the Phone Server IP entered in Web Exceptions for HTTPS Decryption, Malware / Content Scanning, Sandstorm and Policy Checks.

  • In reply to Eric Swisher:

    You need to set up a firewall rule that does not have any http functions ticked, web or application.

    Ian

  • In reply to Eric Swisher:

    Hey  

    Is Sophos Endpoint also installed on your client's PCs? Just wanted to confirm that this block is not being caused by its Web Protection feature.

    You mention that you do not want any kind of filtering for LAN to LAN communication. Have you created a LAN to LAN network firewall with no filtering (web, application) configured?

    Regards,

    FloSupport | Community Support Engineer