https://community.sophos.com/sophos-xg-firewall/f/discussions/135468/disabling-of-management-portHello, I have some issues with the management port which is in the same network as a management network that I want to &quot;hide&quot; behind the firewall. I changed some routing (on 10 GBit Port) with resulted into two interfaces on the firewall in theen-USTelligent Community 12https://community.sophos.com/thread/500827?ContentTypeID=1Tue, 19 Jul 2022 09:43:29 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:7ae57708-cc87-4a02-b5e8-c6b92ad71368BeEf<p>Hello <a href="/members/lucar-toni">LuCar Toni</a>First I had an ip on the management interface configured in the management network that was routed on a&nbsp; switch on each node of the cluster.<br /><br />Now we want to route the management network on the firewall itself as a VLAN on an 10 GBit/s interface in order to be able to &quot;hide&quot; it and being able to control the access to the firewall on the firewall.</p> <p>For me it looks like the firewall&nbsp;uses&nbsp;the 1 GBit MGMT Network even if disconnect the cable. Only changing the IP to another network helps. However I do not really want to create a separate network for firewall managment.<br /><br />Another obstacle seems to be that after we changed the routing it seems not to be possible to access the passive firewall of the management interface of the cluster once we changed the routing to the firewall. This was monitored before because a few updates back we had issues with freezing of hardware (in this case it was no longer reachable on the management interface).<br /><br />To be honest I don&#39;t like bridging and I guess it wont solve our problem.</p> <p>To make this a little bit more clear:<br /><br />Mangement Interface of 1st firewall 172.21.12.81.&nbsp;<br />Management Inteface of 2nd firewall 172.21.12.82.</p> <p>10 GBit/s Interface (actually 2*10 GBit/s LAG)<br />Subnet mask 255.255.255.0<br />Zone MGMT<br />Gateway on 10 GBit/s 172.21.12.5&nbsp; &nbsp; &nbsp;(used by all devices in the management network (vmware server, iLO/iDRAC boards, SAN management, ...)<br /><br />(This seems also lead to asynchronous routing which seemst not to be visible on the firewall itself. I was not able to see dropped packets or anything in the log however the communication seems to go from external network - 172.221.12.81 (management interface comes first) - device in 172.21.12.0/24 - which sends the answer throught it&#39;s default gateway.</p> <p>Regards,<br />BeEf</p><div style="clear:both;"></div>https://community.sophos.com/thread/500759?ContentTypeID=1Mon, 18 Jul 2022 18:12:37 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:ea78f48b-1e2c-4108-856c-5322436315e9LuCar Toni<p>What is your goal in the End? You could potentiell work with a Network Bridge, if you want to have the same IP/Subnet on the Management Ports.&nbsp;</p><div style="clear:both;"></div>