Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 10 replies
  • Answers 2 answers
  • Subscribers 43 subscribers
  • Views 21696 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to split initial br0 interface into LANs?

Speatech

Hi,

my firewall is setup in route mode. By default, it bridges the LAN port and all spare ports into an interface calls br0. I can not delete this interface since I won't be able to access it anymore.

I am trying to set VLAN on Port1 and it won't allow me as long as it belong to the interface br0. 

According to what I red, creating a VLAN on a bridge will be possible on firmware V18. Not presently possible.

So how can create a separate LAN with port 1?



This thread was automatically locked due to age.
  • 0

    Hi,

    what is wrong with connecting in via port 2 which appears to be a standalone LAN connection?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    I am using port 2 to connect to the modem (WAN).

    I could remove port 3 from the interface br0. But I reserve port 3 as WAN Failover.

  • 0 in reply to Speatech

    Why not disconnect from the WAN for a minute or two to change the BR0 settings?

    Does the WAN modem have multiple interfaces, if so connect in via that without disconnecting the WAN assuming you have enabled WAN access?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0

    I've finally succeeded. What I did:

    1. Modify br0 interface to keep only Port3 and up. Click on Save. Process spinning wheel will keeps turning indefinitely. Go next step.
    2. Disconnect the LAN network cable(Your computer) from Port1 and connect it to Port3. Refresh your firewall configuration web page. Port1 should be now available.
    3. Change your DHCP to allow one more interface IP. I am presently connecting to 192.168.1.1 to access the device. So I modify the DHCP to start from 192.168.1.3 so I can use 192.168.1.2 to access the device from Port1.
    4. Once the DHCP is modified, edit Port1. Set the zone as LAN and IPV4 as 192.168.1.1. Click on Save. Reconnect the LAN network cable to Port1. Refresh your firewall configuration web page.
    5. You can now delete the interface br0. Optional : You can modify the Port1 interface IP to 192.168.1.1 and set your DHCP to start from 192.168.1.2
    6. Create a VLAN on Port1 is now possible.

    Note : If you can not access the firewall configuration web page after a refresh : open CMD, type ipconfig /release then ipconfig /renew. Wait 10 seconds and try to refresh the web page again.

     

  • 0 in reply to rfcat_vk

    The interface I(192.168.1.1) use to access the device is on the LAN. WAN has no effect on this.

    There is a warning saying that I can not delete br0 since it is the only interface(192.168.1.1) I can use to access it.

    Tks anyway, I found a solution.

  • 0 in reply to Speatech

    Just wanted to comment on the solution above.  To avoid moving cables etc. simply turn on HTTPS for the WAN port under Administration (port2) and configure the bridge from that port.

  • 0 in reply to Peter Shubitowski

    Do not forget: The Wizard tells you, he is creating a Bridge with all selected interfaces. 

    This is the default configuration, but you can change this in the wizard. 

    __________________________________________________________________________________________________________________

  • +1 in reply to LuCar Toni

    To expand on this a bit: During initial setup, the wizard presents all internal interfaces and has them all selected (showing as green), which means it will create a bridge with all those interfaces. Port2 is blue and denotes the WAN interface.

     

    If you do not want to have a bridge to begin with (because you will add VLANs to the internal ports), simply click on each interface to remove it from the bridge. Once you have un-select all but Port1, the setup will actually not create a bridge at all (Since it needs two interfaces for a bridge).

     

    The net result will look like this:

    No bridge!

     

    Hope that helps,

    Christian

  • 0 in reply to Christian Nancy

    In V18, you can add VLANs to a Bridge. Just another addon to this Post. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Yes, I can't wait for that feature to be available. That and renaming interfaces.

     

    For now though, you get that: https://community.sophos.com/products/xg-firewall/sfos-eap/sfos-v18-early-access-program/f/feedback-and-issues/116573/bug-in-eap1-admin-portal-access-from-non-privileged-vlan-interface

     

    I hope they really button up the firmware before GA.

Unfiltered HTML