

Sophos SD-RED 20 and VLANs

Hello, I have the following scenario: I need to transport some VLANs that are on my core L3 switch to behind the RED (appliance). I have already tried tagging the firewall interface with the VLANs I need, and in Sophos I grouped the VLANs in a bridge. A station behind the RED gets an IP from the guest VLAN but does not browse.

I know it's not good practice, but I also need the hotspot of my guest network in the branches.



This thread was automatically locked due to age.
  • SD-RED 20 is not VLAN aware.
    Possibly the RED ignores the VLAN tags and just transmits everything, including the VLAN tags.
    But I think it is not officially supported (even if it worked with RED 15).
    Next, you should check at the branch switch whether VLAN packets arrive at the switch (VLAN/port statistics or a packet capture).
    If this is working, the client should get an IP or be able to ping the gateway.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
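The check Dirk recommends (look at the branch switch and see whether the frames still carry their VLAN tags) can be done on a packet capture. The following is an added example, not code from the original post or from Sophos: a minimal Ethernet/802.1Q parser that tallies frames per VLAN ID and flags frames that arrived untagged, which is exactly the symptom you would see if the RED stripped the tags in transit. The frame bytes, MAC addresses and VLAN IDs below are constructed for illustration; the guest VLAN is assumed to be ID 30.

```python
"""
Added example (not from the original thread): tally 802.1Q tags seen in a
capture taken behind the RED, so you can tell whether the VLAN tags survived.
Frames are constructed here; in practice feed it raw Ethernet frames from a
pcap (e.g. the bytes of each packet returned by a pcap reader).
"""
import struct
from collections import Counter

ETHERTYPE_VLAN = 0x8100   # 802.1Q customer tag
ETHERTYPE_QINQ = 0x88A8   # 802.1ad service tag (Q-in-Q outer tag)
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806


def parse_frame(frame: bytes) -> dict:
    """Parse an Ethernet II frame; return MACs, stacked VLAN IDs (outer first), EtherType, payload."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    offset = 12
    vlans = []
    (ethertype,) = struct.unpack("!H", frame[offset:offset + 2])
    # Each 802.1Q/802.1ad tag is 4 bytes: TPID (already read as 'ethertype') + TCI.
    while ethertype in (ETHERTYPE_VLAN, ETHERTYPE_QINQ):
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack("!H", frame[offset + 2:offset + 4])
        vlans.append(tci & 0x0FFF)          # low 12 bits = VLAN ID (PCP/DEI in the top 4)
        offset += 4
        (ethertype,) = struct.unpack("!H", frame[offset:offset + 2])
    return {
        "dst": dst.hex(":"),
        "src": src.hex(":"),
        "vlans": vlans,
        "ethertype": ethertype,
        "payload": frame[offset + 2:],
    }


def vlan_report(frames):
    """Count frames per (outer VLAN ID, EtherType) and, separately, untagged frames per EtherType."""
    tagged, untagged = Counter(), Counter()
    for f in frames:
        p = parse_frame(f)
        if p["vlans"]:
            tagged[(p["vlans"][0], p["ethertype"])] += 1
        else:
            untagged[p["ethertype"]] += 1
    return tagged, untagged


def tag_survives(frames, expected_vlan: int) -> bool:
    """True if at least one frame arrived still carrying expected_vlan as its outer tag."""
    return any(parse_frame(f)["vlans"][:1] == [expected_vlan] for f in frames)


def build_frame(dst_hex: str, src_hex: str, vlan, ethertype: int, payload: bytes = b"\x00" * 46) -> bytes:
    """Construct a frame for testing; vlan=None produces an untagged frame."""
    hdr = bytes.fromhex(dst_hex) + bytes.fromhex(src_hex)
    if vlan is not None:
        hdr += struct.pack("!HH", ETHERTYPE_VLAN, vlan)   # PCP=0, DEI=0, VID=vlan
    return hdr + struct.pack("!H", ethertype) + payload


# Constructed sample capture (assumed guest VLAN = 30): a DHCP broadcast, an ARP
# request and a unicast IPv4 frame that kept their tag, plus one reply whose tag was lost.
SAMPLE_CAPTURE = [
    build_frame("ffffffffffff", "001122334455", 30, ETHERTYPE_IPV4),
    build_frame("ffffffffffff", "001122334455", 30, ETHERTYPE_ARP),
    build_frame("aabbccddeeff", "001122334455", 30, ETHERTYPE_IPV4),
    build_frame("001122334455", "aabbccddeeff", None, ETHERTYPE_IPV4),
]

# Constructed Q-in-Q frame: service tag 100 outside, customer tag 30 inside.
QINQ_FRAME = (
    bytes.fromhex("ffffffffffff001122334455")
    + struct.pack("!HH", ETHERTYPE_QINQ, 100)
    + struct.pack("!HH", ETHERTYPE_VLAN, 30)
    + struct.pack("!H", ETHERTYPE_ARP)
    + b"\x00" * 46
)

if __name__ == "__main__":
    tagged, untagged = vlan_report(SAMPLE_CAPTURE)
    for (vid, et), n in sorted(tagged.items()):
        print(f"VLAN {vid:4d} ethertype 0x{et:04x}: {n} frame(s)")
    for et, n in sorted(untagged.items()):
        print(f"untagged   ethertype 0x{et:04x}: {n} frame(s)")
    print("guest VLAN 30 tags survive:", tag_survives(SAMPLE_CAPTURE, 30))
```

If the report shows only untagged frames for traffic that left the core switch tagged, the tags are being dropped somewhere on the RED path and no amount of firewall-rule work will fix it; if the tags arrive but the client still cannot reach the Internet, the problem is on the firewall side (rules or NAT), which is what the later replies in this thread look at.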

  • Yes, I understand that SD-RED 20 ignores the VLAN tags and just broadcasts everything. I put a switch behind the RED and set the port as tagged; my station receives an IP address from DHCP and I can ping the gateway, but I cannot ping the Internet.

  • OK, try to ping the Internet and take a look at the log viewer.
    If you enable "logging" within your firewall rules, you should see something.
    Unfortunately, the last "default drop" rule doesn't log (I built a "drop and log" rule myself).

    I think a firewall rule or a NAT (masquerade) rule is missing.


    Dirk
