Move Vlans to another Interface

Hello Simplified Sam,

Thank you for reaching out to the community, when editing the VLAN only the following options can be changed at any time:
1.) Name
2.) Zone
3.) IP assignment
4.) IPv4/netmask

The "Hardware" cannot be changed, you'll need re-create the VLAN on that desired interface !! 

Not sure how other companys split up their vlans, but if this is the way to go, i cant recommend sophos anymore.

I think this problem still exist many years. You basically saying i need recreate my 20-30 vlans where i setup evrything. I dont want think about it!

Simplified Sam,

Interface / VLAN Migration via XML Import/Export: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/123684/interface-vlan-migration-via-xml-import-export

As some of you want to move the VLAN configuration or Interface configuration in XG from one interface to another, there is no way to do this in the GUI. So you could use the Import/Export feature in XG, to perform this operation.

This is suitable solution, thanks. Not Sure why you cant do this today with gui, but hey you get what you get for your money ...

Two things i dont unterstand:

1. Why you need to unbind port 3? On Port 3 alone, let say i got my default Subnet.

2. i am correct this method just prompt import the config part i need, could i damage my config if i would format my file wrong, like i make to many whitespaces?

Hey Simplified Sam,

Port3 is just given as an example in the mentioned article. Basically for example if you have Port2 where all the VLAN are configured then Unbind Port2 to avoid any overlaps and errors in regards to subnet. 

And again before going for the changes, it is advised to take a complete back up of the appliance and then perform according to the steps shared in the article !! 

Whats the difference export all and the backup file? The encryption with a password?

 Simplified Sam,

With Import/Export feature: You can import and export the full or partial configuration of Sophos Firewall.
KBA1: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/BackupAndFirmware/ImportExport/index.html
With Backup/restore feature: You can take a backup/restore entire configuration on Sophos Firewall along with encryption.
KBA2: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/BackupAndFirmware/BackupAndRestore/index.html

with export / import you can modify and specify what you import. You cannot do this with a full backup restore.

it is quite handy for dealing with large lists of host imports or in this case here - as workaround to modify VLAN interfaces.

Nice to hear, is there way to tagg another port like, i want to stay for the beginning on port 3 and move to port 7, but i cant move all at once. So my vlan is sitting on port 3 but can accept the traffic on port 7?

The physical port is just there - you configure the VLANs on switch-side for that phy FW ports. So if you move one VLAN to an other interface and an other VLAN to an other interface that is fine.

You could do potentially a Network Bridge. And add all Interfaces (VLAN) to the Bridge. Export VLANs, then delete the interfaces. add a Bridge and change the XML by replacing Port3 to Bridge. 

You could do potentially a Network Bridge. And add all Interfaces (VLAN) to the Bridge. Export VLANs, then delete the interfaces. add a Bridge and change the XML by replacing Port3 to Bridge.