

Is Sophos Hardware required to make VLAN work in firewall software?

Quick question:

Do you have to have Sophos Hardware to make VLAN work in the firewall software? I'm using a mini pc running Sophos Firewall V20 and it appears when I set up a VLAN, it doesn't work. Followed the directions on how to create a VLAN but I still can't connect to that specific network.

Thanks



  • It does not require Sophos hardware and also works on custom hardware or even virtualized.

    Once you define VLANs you also need a managed switch to connect to the interface with the VLAN. The configured VLAN should be available as 802.1Q tagged VLAN on the switchport.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
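To show what "802.1Q tagged" means on the wire in the reply above, here is an added example (not from the thread or from Sophos) that parses raw Ethernet frames and counts which ones carry the expected VLAN tag. The sample frames, VLAN IDs 20 and 30, and all function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def parse_vlan(frame: bytes):
    """Return (vlan_id, priority, ethertype); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)  # after dst+src MAC
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # TCI = 3-bit priority, 1-bit DEI, 12-bit VLAN ID; then the real EtherType
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner


def check_port(frames, expected_vid):
    """Count how frames seen on one switch port relate to expected_vid."""
    seen = {"expected": 0, "other_vlan": 0, "untagged": 0}
    for frame in frames:
        vid, _, _ = parse_vlan(frame)
        if vid is None:
            seen["untagged"] += 1
        elif vid == expected_vid:
            seen["expected"] += 1
        else:
            seen["other_vlan"] += 1
    return seen


def build_frame(vid=None, ethertype=0x0800):
    """Constructed sample frame: broadcast dst, locally administered src."""
    macs = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01"
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return macs + tag + struct.pack("!H", ethertype) + b"\x00" * 46


if __name__ == "__main__":
    # Constructed capture: VLAN 20 is a hypothetical ID set on the firewall
    capture = [build_frame(20, 0x0806), build_frame(), build_frame(30)]
    print(parse_vlan(capture[0]))
    print(check_port(capture, 20))
```

If a capture on the firewall-facing switch port shows only untagged frames, the port is not passing the VLAN as tagged; note that some NIC drivers strip the tag before a capture tool sees it.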

  • That's good it works with other hardware. So I need a layer 3 switch as my current one is layer 2. My router is also bridged with the Sophos firewall on port 2 (WAN port). Any concern with the bridge? 

  • What model of switch do you have? Some layer 2 switches are also "smart managed" meaning they can support VLANs.

    As far as needing Sophos hardware, the software version can support the same features. I have a Sophos switch (layer 2) and have set up VLANs successfully for inter-VLAN routing through the firewall between VLANs.

    How do you have your Sophos firewall connected to the router? Sophos firewall is running in bridged mode? Why not just use Sophos as the router? Just curious...

  • I have a Cisco SG200-26 (L2 switch shown below) switch. I was led to believe that I needed a layer 3 switch to do what I wanted. Below is a good representation of what I have: The left side of main router is really 172.16.x.x and that IP range continues to Sophos Firewall, through switch to all users. The right side of main router is 192.168.x.x respectively.

    I've connected the VPN router to Sophos Firewall as well and added FW rules to support but still could not connect from my 172.16.x.x network directly to my 192.168.x.x VPN network.

    Main Router and Sophos Firewall are 'bridged' and that's a longer story but what I've got set up, works and has been for some time now....with this exception.

    So there are 2 challenges I have:

    a) setting up FW rules to support the 2 networks

    b) routing information so that each network can talk to one another

    I've also set up static routes in my main Asus router to support the routing between 172.16 and 192.168 networks and that hasn't worked either. I understand the basics here but when we start getting areas I'm unfamiliar with like VLANs or very specific FW and NAT rules, I'm taking educated guesses (after research and reading tons of how-tos) which obviously haven't worked. 

  • Hi,

    Since v19 you should be able to create L2 VLANs.

    ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • [deleted]
    1. Ken A Wright: wrightakencom192.168.15.9Thanks, the topic of repeated signals opening at the tunnel, follow up with an RSS text msg. allows drafted entrance emails containing all number IP @ address to use them on over dead air removal serves emailed personal 192192.168.15.9 find a solution that will help with opening the API. 

    VPN numbers are the same forum 

    Up to play a tracking system from tunnel to tunnel traffic.  However, if the time element is to get more traffic then "Access the settings for Sophos Community."

  • Ken, 

    Thanks for the reply. I'm not a coder either. I'm not sure what you are telling me with full recovery s/w. I found an interim solution to be able to talk to both networks on my main PC. Just added a USB ethernet adapter that connects to VPN router and I can now share info between the 2 networks. Not optimum since it only works on my main PC but it will suffice for the moment until I can connect via VLAN. Previous suggestions were awesome but couldn't get any to work with my setup.