Thread Info
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Alias Interface

Idris Sanni

I have a Sophos XG Firewall and all its interfaces are used up.

My LAN IP address is already used up and want to create another subnet on that same interface.

I created an Alias but could not configure pool of IP address because the interface has another IP address.

Kindly help with what I'm missing out or another way to go about the configuration so that users will be assigned IP addresses within this new pool.



This thread was automatically locked due to age.
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to Sophos Community.

    Sophos Firewall doesn't allow to create DHCP server on an alias interface.

    If you have a manageable switch, then you can segregate your network into different VLANs. Later add the VLAN interface on Sophos Firewall and configure the DHCP server with that VLAN interface.

    Add a VLAN interface

    OR

    If the IP pool is full then you can change the subnet mask of the current LAN interface to have multiple host addresses.

    • 0 in reply to FormerMember

      I want it on the firewall since it acts as the DHCP server.

      However, i did not even thought of changing the mask from 24 to like 23 to accommodate additional IP.

      • 0 in reply to Idris Sanni

        if I change the mask, devices will not be able to communicate on the network

        • 0 in reply to Idris Sanni

          They will refresh next power on. Not only that, your existing ip range will be in the /23 so the users will be fine and your firewall rules will be updated.

          XGS118 - v21.5.0

          XG115 converted to software licence v21.5.0

          If a post solves your question please use the 'Verify Answer' button.

          • 0 in reply to rfcat_vk

            What do you mean by "they will refresh on power on"?

            Also I saw somewhere that leaving the mask of the subnet used up as /24, configure another vlan on the interface then making the switchport connected to the XG a trunk port can also resolve.

            • FormerMember
              0 FormerMember in reply to Idris Sanni

              To get an updated subnet mask, you'll either need to renew the IP address configuration or need to reboot the end machine once.

              As I suggested earlier you can configure VLAN on the manageable switch to distribute internal networks and then configure VLAN interface and DHCP server accordingly on the Sophos Firewall.

              • 0 in reply to FormerMember

                My fear is this, all my ubiquiti access points are connected to the switch, if I configure VLAN on that switch and assign ports to each of the VLANs created, there might not be communication between end devices.