Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 23 replies
  • Subscribers 42 subscribers
  • Views 10149 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos SD-RED 20 and VLANs

Vict0r-

Hello, I have the following scenario, I need to transport some VLANs that are on my core switch L3, behind the RED (Appliance), I have already tried to put the Firewall interface marked with the VLANs that I need, in Sophos I grouped the VLANs in a bridge, station behind RED gets ip from guest VLAN but does not browse.

I know it's not a good practice, but I need the Hotspot of my guest network, also in the branches.



This thread was automatically locked due to age.
  • 0 in reply to PhilippRusch

    Hello! That's right, my topology is like the one mentioned. So on my Switch I set the Sophos Uplink interface to Tagged?

  • 0 in reply to Vict0r-

    Your image shows e0/0 which is going to Sophos PortA as "tagged" VLAN on both sides. You did ot show the VLAN ID ("number") of this.

    If you want to transport any other or all other VLAN IDs, you have to configure this interface e0/0 accordingly. Port e0/0 has to be a "trunk port" for this to transport more than one VLAN. If this is configured as "access port", which I suspect, then this transports ONLY your tagged VLAN and nothing else. I am talking Cisco configuration-wise here.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to PhilippRusch

    On my switch, the Sophos uplink port is already tagging the VLANs I need (in this case 150). Sophos RED Server and Sophos RED Client also have VLAN 150 on the bridge. I put a /32 IP because I can't create the VLAN without IP.
    Interface PortA, is where the Switch is connected, on both sides.

    RED-Client: 

    RED-Server:

Unfiltered HTML