
Two XG Firewalls: can we bridge lan over VPN with no NAT?

I have 2 locations that both have fiber Internet and Sophos XG firewalls running the latest version 18.5.1 of the firmware.

Location 1 - HQ
XG 230 with Sophos XG 18.5.1
WAN - Fiber
LAN - Port 6, running DHCP, no Internet access granted, just LAN

Location 2 - WareHouse
XGS 136 with Sophos XG 18.5.1
WAN - Fiber
LAN - ?

Can we bridge the LAN at Location 2 Warehouse to LAN at Location 1 HQ and have them use the same subnet? I want the fact that they are connected over a VPN to be transparent to the devices that connect to it. I tried to search for details on how to bridge 2 firewall LAN interfaces over a WAN VPN link, but wasn't successful.  Is it possible?  We have an old IP-based walkie talkie solution we are trying to expand into a new location, but it can't handle NAT or multiple subnets.



  • Hello Chris,

    Thank you for contacting the Sophos Community.

    I would recommend that you reach out to your Sales Engineer for this type of scenario.

    However, if you create a VPN with NAT using the following KB, I believe you might be able to achieve what you want; this method uses NAT in the tunnel.

    The other way I am thinking would be to use a RED device, then bridge the RED to the XG where you want the devices to be in the same subnet.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • You can use a RED site-to-site tunnel. Then bridge both LANs with the RED interface on both firewalls, and this will lead to a big network and VPN bridge. But I highly recommend to be "simple" and not expand this to a bigger setup.

    All and every broadcast packet will be forwarded to the other destination. 


  • Ahh yes, thank you. I have in the past looked at doing the RED connection between two firewalls and noticed it creates a RED interface. I'll give this a try. It's for a basic application with 10 devices on it, so it's worth a shot. The bandwidth requirements are measured in kbps, so it might be fast enough with traffic priority and bandwidth guarantees over the fiber connections.
