Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VLANS behind RED 50 in standard/split mode

Hi Guys

Having some trouble setting up VLANS behind RED 50 Devices that are setup in standard/split mode.

Basically we have a PBX on vlan 100 at site 2 that's SIP traffic needs to go out via the WAN of site 2. There are IP handsets at site 3 that are on vlan 100 that need to hit the PBX at site 2. Is there any way to get this to to work without having to change the config to be standard/unified.

Below is the current configs.

 

Sophos XGSFV1C2 - Site 3

Port A - 10.1.1.254/24 - Zone LAN1

Port B - 1.1.1.1 - Zone WAN

 

RED 50 Site 1

reds1 - 10.2.2.254/24

Zone -  LAN (Standard/Split with Spilt networks assigned for 10.1.1.0/24, 10.3.3.0/24, 10.2.200.0/24, 10.3.200/24)

Switch Mode - vlan -

Lan 1 Tagged (Trunk Port) 

LAN VIDs - 100

reds1.100 - 10.2.200.254/24 

Zone - LAN

 

RED 50 Site 2

reds2 - 10.3.3.254/24

Zone - Lan (Standard/Split with Spilt networks assigned for 10.1.1.0/24, 10.2.2.0/24, 10.3.200.0/24, 10.2.200.0/24)

 

Switch Mode - vlan -

Lan 1 Tagged (Trunk Port) 

LAN VIDs - 100

reds2.100 - 10.3.200.254/24

Zone LAN

 

 

Firewall Rules

LAN -> WAN

LAN1 -> WAN

LAN -> LAN1

LAN1 -> LAN

 

 

Off of LAN port 1 at each of the Red Sites is a switch which has its port with vlan 100 tagged and native vlan 1

Currently with this setup, when the RED receives the config, the data vlan 1 network is unable to ping out to the internet or to any other sites

 

If we change the Switch mode from vlan to switch, data over vlan 1 returns to normal.

 

 

 



This thread was automatically locked due to age.
Parents
  • Hi  

    Standard/Split mode

    Standard / Split mode is physically similar to Standard / Unified. We expect that the remote network may be managed by the Sophos XG Firewall, and can provide DHCP to the remote LAN. The RED is likely the only device between the LAN and the internet, only traffic for selected networks is sent through the tunnel. All other traffic is sent directly out of the local internet connection. The RED masquerades outbound traffic to come from its public IP address. This feature minimizes bandwidth usage over the tunnel and lightens the bandwidth requirements on the Sophos XG Firewall, but it also reduces the manageability of the remote network substantially. Traffic to or from the internet cannot be filtered or protected from threats. Security can only be applied between the remote and local LANs.

    If the RED loses contact with the Sophos XG Firewall, and the tunnel fails, the RED stops routing traffic. Remote LAN users lose access to the internet and the Sophos XG Firewall’s internal networks until the tunnel can reconnect.

    Please refer to the article for more information- https://community.sophos.com/kb/en-us/126454

    Regards,

    Keyur
    Community Support Engineer | Sophos Support
    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

Reply
  • Hi  

    Standard/Split mode

    Standard / Split mode is physically similar to Standard / Unified. We expect that the remote network may be managed by the Sophos XG Firewall, and can provide DHCP to the remote LAN. The RED is likely the only device between the LAN and the internet, only traffic for selected networks is sent through the tunnel. All other traffic is sent directly out of the local internet connection. The RED masquerades outbound traffic to come from its public IP address. This feature minimizes bandwidth usage over the tunnel and lightens the bandwidth requirements on the Sophos XG Firewall, but it also reduces the manageability of the remote network substantially. Traffic to or from the internet cannot be filtered or protected from threats. Security can only be applied between the remote and local LANs.

    If the RED loses contact with the Sophos XG Firewall, and the tunnel fails, the RED stops routing traffic. Remote LAN users lose access to the internet and the Sophos XG Firewall’s internal networks until the tunnel can reconnect.

    Please refer to the article for more information- https://community.sophos.com/kb/en-us/126454

    Regards,

    Keyur
    Community Support Engineer | Sophos Support
    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

Children
No Data