This discussion has been locked.

Create a VLAN (AP SSID) that, when devices connect to it, seemingly behaves as if it isn't behind the Sophos firewall and gets a public IP

Is there a way to create a VLAN that allows connected devices (via AP) to bypass the firewall?

My current SSID in the VLAN has a different IP subnet from my home devices. There are times I want to connect devices that totally bypass the home firewall. This setup doesn't work. Is there a way to do this?



  • Are you thinking 1:1 NAT for a wireless connected endpoint? Do you have static IPs you can assign? Is this a home firewall at your residence behind residential internet service? Normally impossible to get a static IPv4, unless you are on a smaller ISP. What's the use case for this setup?

  • Hi Matthew. Not sure what 1:1 NAT is. I basically want some devices to be able to bypass the firewall for troubleshooting. I'm using a home firewall. I only get a public IP address.

  • Step 1: You can create a LAN2WAN firewall rule that matches the device, VLAN/subnet you are targeting and just don't enable any of the policies on it: no web, app, IPS, etc.

    Step 2 (optional, if an IP is available): If you have a "spare" public IP address that you can split off and assign (as an alias interface on your WAN), you could NAT that IP completely to the wireless endpoint's IP address, so any traffic to "PUBLICIPXX" is NAT'd to "WIRELESSENDPOINT1".

    But if you just want to bypass firewall security, follow step 1. If this doesn't achieve what you want, let me know.

  • Thanks Matthew. Will do step 1. I don't have an extra public IP though.