Configuring Sophos XG136 Firewall port for connecting switches.

We have 40 servers and we want all the users to connect to the servers through the XG-136. We have 40 switches, out of which 4 are connected to servers. I want to connect all of the switches that are connected to servers to the North End of the Firewall, and our L3 will be connected to the South End of the Firewall. Servers' IP addresses are 157.61.3.0/24, whereas switches have 157.61.10.0/24 as their management IPs. Users are divided into 4 VLANs: 157.61.2.0/24, 157.61.4.0/24, 157.61.5.0/24, 157.61.6.0/24 respectively.

Kindly advise how to configure Firewall ports for switches which are connected to servers.



  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to Sophos Community.

    What are you referring to by North End and South End of the firewall?

    It would be great if you can share a rough diagram of your network environment.

  • FormerMember
    0 FormerMember in reply to FormerMember

    Hi ,

    Servers' IP addresses are 157.61.3.0/24, whereas switches have 157.61.10.0/24 as their management IPs.

    You can configure a physical interface with 157.61.10.0/24 subnet and then configure routing on Sophos Firewall to connect to server network 157.61.3.0/24. Assuming this interface is kept in the DMZ zone.

    Users are divided into 4 VLANs: 157.61.2.0/24, 157.61.4.0/24, 157.61.5.0/24, 157.61.6.0/24 respectively.

    For users, you can configure VLAN interfaces (all in the LAN zone) on Sophos Firewall with the required VLANs.

    Sophos Firewall: Configure Virtual LAN

    After that, create LAN to DMZ and DMZ to LAN firewall rules to allow communication between servers and users.

    You may also reach out to Sophos Professional Services to help you to deploy and securely configure Sophos products with organization's security requirements and Sophos best practices.
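
Added example (not part of the original thread and not Sophos code): a Python check of the address plan from the reply above, which rejects overlapping subnets and shows which flows the two suggested zone rules cover. The function names, the sample host addresses and the default-drop behaviour for zone pairs without a rule are assumptions made for the illustration.

```python
import ipaddress

# Address plan from the thread; zone assignment follows the reply.
ZONES = {
    "DMZ": ["157.61.10.0/24",   # switch management, on the physical interface
            "157.61.3.0/24"],   # servers, reached by a route via that interface
    "LAN": ["157.61.2.0/24", "157.61.4.0/24",
            "157.61.5.0/24", "157.61.6.0/24"],  # user VLAN interfaces
}
# Zone pairs the reply creates rules for. Assumption: every other pair is dropped.
RULES = {("LAN", "DMZ"), ("DMZ", "LAN")}

def build_table(zones):
    """Return [(network, zone)] and reject overlapping subnets."""
    table = [(ipaddress.ip_network(n), z) for z, nets in zones.items() for n in nets]
    for i, (a, za) in enumerate(table):
        for b, zb in table[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"{a} ({za}) overlaps {b} ({zb})")
    return table

def zone_of(table, addr):
    """Zone that owns addr, or None when it is outside the plan."""
    ip = ipaddress.ip_address(addr)
    return next((zone for net, zone in table if ip in net), None)

def decide(table, src, dst):
    """Return (source zone, destination zone, verdict) for one flow."""
    pair = (zone_of(table, src), zone_of(table, dst))
    return pair + ("allow" if pair in RULES else "drop",)

TABLE = build_table(ZONES)

if __name__ == "__main__":
    # Constructed host addresses inside (and outside) the thread's subnets.
    flows = [("157.61.2.15", "157.61.3.20"),   # user VLAN -> server
             ("157.61.3.20", "157.61.6.7"),    # server -> user VLAN
             ("157.61.4.9", "157.61.5.9"),     # user VLAN -> user VLAN
             ("157.61.7.1", "157.61.3.20")]    # address not in the plan
    for src, dst in flows:
        print(src, "->", dst, decide(TABLE, src, dst))
```

The user VLAN to user VLAN flow comes back as drop in this model because the reply names only LAN to DMZ and DMZ to LAN rules.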
