

Bridged mode ---> Passing through VPN?

Hello 

I have a Ubiquiti Security Gateway router; it has an L2TP/IPsec VPN server letting the clients access internal resources.

Of course I can connect to the VPN, since the Ubiquiti is handling that, but the XG105 (SFOS 17.5.0 GA) in bridged mode is blocking the access to all the internal resources.

The Firewall rules should not block anything, NAT is just doing MASQ.

Everything is at the defaults from the bridged mode initial setup. I just want to use IPS and AV.


Any advice will be great!

Thank you 



  • Can you show us the Bridge and the other Interfaces? 


  • Hello 

    This is the Bridge Interface. I have another one for WifiGuest, autogenerated, but it is disabled. (Disabled DHCP for this too.)

    Tried unchecking "Enable routing on this bridge pair", but it is the same.

    Thank you !

  • You need in Bridge scenario a LAN to LAN Firewall Rule. 


  • BTW, I'm only using Port 1 and Port 2. (The other 2 ports are not connected.)

    I will try to find more information about how to configure it that way, thank you.

  • Hello 

    I've updated the Bridge; now it looks like this:

    Only one WAN and one LAN  (ROUTER (with VPN)---> XG 105 --> FIRST SWITCH).

    For full transparent bridge mode should I use 2 LANs and 1 WAN? One for accessing the UI, and another one without IP?

    Still not sure why I need a LAN to LAN rule if I only have one LAN? I thought that LAN to LAN was used to connect 2 LAN interfaces.

    Still having issues while connecting to internal resources while using the VPN.

    Maybe using the XG 105 as a full transparent BRIDGE (like a switch) could help? Would I still be able to use IPS and AV?

    Any help will be great, thank you.


  • Solved: created a firewall rule WAN to LAN any any... Accept, fully open. And the VPN worked again.

    Not a big deal since it is already behind another FW; going to start closing and adding filters.

    We were having issues with DHCP; a strange IP was assigned to the TV today. I will investigate that.

    And WhatsApp was not working until I disabled the filters; the app filter was interfering. More things to investigate.

    As well, Chrome was reporting that SSL certificates issued by the XG 105 were not valid... I imagine the XG 105 opens the SSL for analysis and adds its own SSL cert, but how do I know if the real SSL cert, home banking for example, has problems if it is obscured by the XG 105's new SSL cert? The risk is maybe higher than having a virus.

    Still a long trip to go, but in the path at least....

    Thank you

  • Hi Gioser,


    We've been having the exact same problem, except we VPN connect to a Cisco ASA and not the Ubiquiti Security Gateway you're using. Could you PM me a screenshot of your firewall rule setup? Any other insight you have since you've created the "WAN to LAN, ANY to ANY" rule would be much appreciated as well. We're only using Sophos XG to filter web and email traffic.

  • Hi AZNatives,

    Are you using the exact same scenario - XG in bridge mode?

    I am trying to implement email protection but... without any success. Could you please share your config (or at least partial)?

    A client of ours is using an edge MikroTik router and I am going to implement XG310 (Inet--router--Sophos--internal net).

    Sophos is in bridge mode (LAN, WAN) with 1 IP in the internal network.


    It would be great if you share some info.


    Also the client's mail server is external ;)

    SO: ext. mail server + bridge mode + email protect + VPN. SO FUN!!


    Thank you in advance guys!

  • The setup documentation implies that bridged mode is completely transparent, in the same way the Cyberoams were, but it isn't true. As stated above, you do need to manually enter a firewall rule allowing all traffic from WAN to LAN. Because in bridged/transparent mode the Sophos device is behind your regular firewall, this shouldn't cause any issues, but it does allow any rules you have in your own firewall for WAN access to the LAN to then work.
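    The point made in this thread, as an added illustration that is not part of the thread and not SFOS code: a small Python model of zone-based rule matching for the bridged XG. It shows that with the default rule set the decrypted traffic of a VPN client arriving on the WAN-side port is dropped, that the "WAN to LAN any any" rule opens everything, and that a rule scoped to the VPN client pool (the pool address and the default LAN-to-WAN rule are assumptions, not taken from the thread) accepts only the VPN clients.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "ANY"  # wildcard zone, like "Any" in the XG rule editor


@dataclass(frozen=True)
class Flow:
    src_zone: str   # zone of the interface the packet entered on
    dst_zone: str   # zone of the interface it leaves on
    src_ip: str


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    action: str                   # "Accept" or "Drop"
    src_net: Optional[str] = None  # CIDR; None means any source host


def matches(rule: Rule, flow: Flow) -> bool:
    """Zone match first, then the optional source-network match."""
    if rule.src_zone not in (ANY, flow.src_zone):
        return False
    if rule.dst_zone not in (ANY, flow.dst_zone):
        return False
    if rule.src_net is not None:
        return ipaddress.ip_address(flow.src_ip) in ipaddress.ip_network(rule.src_net)
    return True


def evaluate(rules, flow):
    """First matching rule wins; unmatched traffic hits the implicit drop."""
    for rule in rules:
        if matches(rule, flow):
            return rule.name, rule.action
    return "implicit default", "Drop"


# Constructed sample values (assumptions, not from the thread):
VPN_POOL = "192.168.200.0/24"   # pool the router hands to L2TP/IPsec clients
BRIDGE_DEFAULT = [Rule("LAN to WAN", "LAN", "WAN", "Accept")]   # modelled default rule set
ANY_ANY = [Rule("WAN to LAN any any", "WAN", "LAN", "Accept")] + BRIDGE_DEFAULT
SCOPED = [Rule("VPN clients to LAN", "WAN", "LAN", "Accept", VPN_POOL)] + BRIDGE_DEFAULT

VPN_CLIENT = Flow("WAN", "LAN", "192.168.200.15")   # decrypted client traffic from the router
OTHER = Flow("WAN", "LAN", "198.51.100.7")          # anything else arriving on the WAN port


def decisions(rules):
    """Map each sample source IP to the action the rule set gives it."""
    return {f.src_ip: evaluate(rules, f)[1] for f in (VPN_CLIENT, OTHER)}
```

    The first-match and implicit-drop behaviour is what the model assumes of the XG; the real rule table also matches services and destination networks, which the model leaves out.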

  • Bridge mode will simply build an Interface Bridge on XG.

    Therefore you still need a firewall rule to allow the traffic.
