
XG Bridge not Routing

Hi,

I am fairly new to Sophos XG and need some advice regarding a particular setup.

Currently we have an XG450 (SFOS 17.5.0 GA) set up in Bridge mode as shown:

BRIDGE:
  IP: 192.168.1.40
  GW: 192.168.1.1
  Gateway Name: WAN1
  Routing is NOT enabled

PORT 2: WAN (bridge member)

PORT 3: LAN (bridge member)

Dynamic Routing is off for all Zones

All servers, network equipment and clients are part of the network 192.168.1.0/24. DHCP is provided by a Windows Server with GW: 192.168.1.1.

Due to bandwidth limitations we would like to get a second ISP. For testing purposes we have purchased a small Netgear 4G LTE Modem (192.168.2.1).

I have connected the 4G modem to PORT 8:

  • Adding the Modem as a second WAN Link
    • Zone: WAN
    • IP: 192.168.2.2
    • GW: 192.168.2.1
    • Gateway Name: WAN2
    • From the WAN


The ultimate goal is really to have Firewall Rules direct certain traffic to either WAN1 or WAN2 using the Primary Gateway setting. But load balancing would solve our immediate problem.

Just so I don't make this post too long: I have tried a lot of things, but ultimately I believe the main issue is that I can't get the FW to route between the two networks.

I tried enabling Routing on the bridge pair (so it can participate in routing decisions), but when I do that I lose connection to my ISP, even before I start trying to add the second link.

I am a bit lost with this one, so any help you can give me would be great.

  • under NETWORK -> Interfaces

    what did you tag on the network interface facing 1.1? is it WAN/LAN/or a custom ZONE?

    secondly, you should put 192.168.0.40 (or the IP of your Sophos firewall) in every client/end-user PC as the gateway.

    third, make a firewall rule:

    from zone: LAN
    from host: 192.168.1.2-254

    to zone: WAN

    to host: any

    uncheck the NAT & routing boxes, but choose a primary gateway (choose the WAN interface).

    the logic is: if you are interconnecting through the firewall, it doesn't have a single rule/routing/switching even if you set it up in bridge mode.. everything must be set up.. for different types of zones like LAN, WAN, custom ZONE you will need to specify routing via gateway if WAN, or static/policy routing if LAN/custom ZONE

  • it depends on what you really want to achieve: do you want to have just a firewall/router for filtering interconnected networks? or do you want it to act as a gateway where you can decide where the end clients will go?

    if you want it to just interconnect, tag every interface to LAN, and make a firewall rule:

    from zone: LAN

    from host: ANY or an IP/range of clients, depending on who you like

    to zone: LAN

    to host: ANY

    check the security filter you want and that's it

    if you want to control your LAN-facing clients and make the firewall the gateway that decides where to send the traffic, with the 2 connections as the WAN:

    from zone: LAN

    from host: ANY or an IP/range of clients, depending on who you like

    to zone: WAN

    to host: ANY

    check the security filter

    uncheck Rewrite source address (masquerading)

    uncheck Use gateway-specific default NAT policy

    Primary gateway: choose your WAN network where to go
