until now I used XG as virtual machines.
so adding a new VLAN was to add an network interface at VMware/Hyper-V, set a VLAN tag on VMware/Hyper-V and use a new interface.
In appliance there are limitations because of the physical interfaces within the XG.
So I understood, that you add a VLAN Interface on the corresponding physical interface (IP of the physical interface is needed but not used), configure a VLAN tag on the switch/router and the rest of the network and go ahead. but no success.
Also described here: community.sophos.com/.../123127
Config is like this:
XG 210 Port 5: IP 188.8.131.52/255.255.255.255 (must be configured but is not used - is this right?).
VLAN Interface on Port 5: I: 192.168.10.2/24, VLAN 34
VLAN Tag set on Switch and all other devices.
Most likely you can also go with a DHCP Interface on the Physical port. Like Port5 DHCP ON. So this IP will stay "dead".
Then you go with a VLAN Interface on the Port5.
This should work fine, if everything is in place.
You can verify it via tcpdump.
Start with a 'ifconfig'
You should see Port5 and Port5.34
If you start to perform a 'tcpdump -ni Port5' you should see all traffic (VLAN included).
And with 'tcpdump -ni Port5.34' should show you the "plain traffic".
Better late than no answer from myself. Thank you!