Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 39 subscribers
  • Views 3379 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG in bridge mode with vlans

stego

I'm running Peplink router with 2 POE APs, multiple SSIDs and Vlans.

Deployed Sophos XG in bridge mode between the Peplink router, and POE switch. WAN/LAN connections from the Sophos are both connected to trunk ports (any vlan).

My bridge interface is configured like the following:

Firewall rules:

Linked to Nat rule #2:

Sophos Central no issue seeing and connecting to the firewall...

At first, my wifi devices were working, but then noticed appletvs with no connection and some wifi devices getting disconnected.

Noticed AppleTv traffic blocked in FW incoming ...

Any tips or advice?



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    1/. delete the mail rule, that is an open relay.

    2/. delete the linked nat rule

    3/. you do not need a wan to lan DHCP server rule because all traffic to the DHCP server is orignated from your lan.

    Ian

    XG115W - v20.0.3 MR-3 - on holiday

    XGS118 waiting for licence to installed - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    FYI... still needed WAN to LAN rule for DHCP... clients getting DHCP connect error otherwise.

    As for NAT rule, deleted the linked NAT rule, and replaced with the following:

    If I undertsand NAT and bridge mode, NAT is still required, but you do not want or need to MASQ the source going out, since it's still within the LAN.

  • 0 in reply to stego

    With the DHCP you will see errors because it is a broadcast. The internal devices initiate the call so you should not need a WAN to LAN DHCP rule. Please check there logviewer and show the error messages.

    'Ian

    XG115W - v20.0.3 MR-3 - on holiday

    XGS118 waiting for licence to installed - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • 0 in reply to stego

    With the DHCP you will see errors because it is a broadcast. The internal devices initiate the call so you should not need a WAN to LAN DHCP rule. Please check there logviewer and show the error messages.

    'Ian

    XG115W - v20.0.3 MR-3 - on holiday

    XGS118 waiting for licence to installed - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Children
No Data
Unfiltered HTML