Wireless not working through SFVH firewall

Hello there,

Thank you for contacting the Sophos Community.

Are the only two ports you’re using in the Sophos Firewall Port 2 and Port 3? 

Is the 3rd party router in the WAN zone? If so, you might want to move it to a different port in the Sophos Firewall, either in a LAN or DMZ.

Regards,

Hello EmmoSophos,

I thought when you are in bridge mode, the output from router had to go into the WAN port 2 of Sophos. So yes, I'm just using ports 2 and 3. By putting into a LAN port, how will that affect the Bridge between router and Sophos? From your suggestion, I'm guessing not much but I can't risk internet going down right now.

I won't be able to test this until tomorrow as we're actively using internet for work.

Hi,

the router/AP should be on the LAN side of the XG is you want to use the AP function? The XG could connect directly to the internet depending on your WAN connection type.

Ian

I moved router to LAN side of XG and I have access to my server now. But by moving to LAN from WAN, isn't the XG (VP2410) now just acting like a switch? In other words, all data incoming from router is just being passed through without XG monitoring the data. Is that assumption correct as that's not what I want but I do need access to server via WiFi at same time?

If the server is on the same network as the router and AP then the XG will not see the traffic.

If the server is on a different network then you will need firewall rules to allow traffic between the LANs and you need to change the router into bridge mode so the firewall will see the original packets.

Ian

If the server is on the same network as the router and AP then the XG will not see the traffic.

If the server is on a different network then you will need firewall rules to allow traffic between the LANs and you need to change the router into bridge mode so the firewall will see the original packets.

Ian

Yeah, that's what I thought. Server is on same network so XG isn't doing anything. XG and Router are already bridged.

So If I move router output back to XG WAN port and XG LAN feeds into switch, all traffic is filtered. 

But no access to Server via Router WiFi if router is fed into WAN.

You will need to add a firewall rule and NAT to allow external traffic through the XG to your server.

The XG does not recognise APs other than Sophos units.

Ian

Thanks for the information. Where can I find a layman's explanation ow how to set up the Nat/FW rules? I haven't set up a NAT rule before but I do understand the route logic from Router WiFi to internal network.

Please review this link, it is from a post at the top of the forum.

https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/137737/sophos-firewall-home://community.sophos.com/sophos-xg-firewall/f/recommended-reads/137737/sophos-firewall-home

Ian

Thank you for the documents. After reading those docs, looks like there's not much I can do to solve my WiFi access issue. I'm following the majority of the best practices that can be managed in my setup.