Does anyone have VLAN success with Sophos XG over Proxmox and a managed switch?
Prism apijnappels Thanks both of you. The proper way is to set up VLANs in Sophos only and leave Proxmox out of it. I attempted to use VLANs in Proxmox because of all the videos on Proxmox VLANs. Unfortunately, when Proxmox creates the new interface, Sophos sees it as a physical interface. Which makes sense because Sophos is a VM, but it does not know that, so any NICs attached to the VM config will be recognized as physical. Now I'm not positive because I didn't spend a bunch of time with different configurations troubleshooting the Proxmox VLANs, but I think that what happens is Sophos strips the tag because it thinks the NIC is physical. Even setting up a VLAN on the "physical" VLAN didn't do much. Maybe there is a way to get that to work, but this setup is simplified and the way I would like it to be. Here's how it is set up...
Proxmox:
Sophos VM in Proxmox:
Sophos Ports (WAN not displayed) and VLANs:
DHCP Servers:
A communication rule:
I changed 211 to WiFi, so here's the corresponding rule:
Switch PVID configuration:
Now the switch config was really the most difficult to understand. I found that I must not tag a port with a PVID and VLAN Member. How I understand it is that VLAN tags are exclusive to ports that traffic is intended to pass through with multiple VLANs for a specific PVID. For example, VLAN 117 is tagged on mg4 (the port to the router, PVID 1) and untagged on xmg6 which requires the PVID of 117. For some reason, if I tag xmg6 with 117 I have local network access but lose internet access.
This has been probably one of the coolest things I've done lately thanks to you guys for helping me understand how this stuff works.
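Added example, not from the post or from Sophos/Proxmox: a minimal Python model of the standard 802.1Q ingress/egress rules applied to the port layout described above (mg4 as the trunk toward Sophos with PVID 1 and 117 tagged, xmg6 as the VLAN 117 access port with PVID 117 and 117 untagged, both taken from the post). It shows why an untagged client frame on xmg6 reaches Sophos tagged 117 and what changes on the wire when 117 is tagged on xmg6 instead; whether that is the cause of the lost internet access is an assumption, not something the thread confirms.

```python
from dataclasses import dataclass

@dataclass
class Port:
    """One switch port: its PVID plus the VLANs it carries tagged/untagged."""
    name: str
    pvid: int
    tagged: frozenset = frozenset()
    untagged: frozenset = frozenset()

    def members(self):
        return self.tagged | self.untagged

def ingress(port, vid=None):
    """Classify an arriving frame: an untagged frame takes the port's PVID;
    a tagged frame is accepted only if the port is a member of that VLAN."""
    if vid is None:
        return port.pvid
    return vid if vid in port.members() else None

def egress(ports, in_port, vid=None):
    """Forward one frame: returns {port: vid} for ports that transmit it,
    where vid None means it leaves untagged; absent ports drop it."""
    v = ingress(in_port, vid)
    out = {}
    for p in ports:
        if v is None or p is in_port:
            continue
        if v in p.tagged:
            out[p.name] = v
        elif v in p.untagged:
            out[p.name] = None
    return out

def check(ports):
    """Flag contradictory settings and the tagged-PVID combination from the post."""
    issues = []
    for p in ports:
        if p.pvid not in p.members():
            issues.append(f"{p.name}: PVID {p.pvid} is not a member VLAN")
        if p.tagged & p.untagged:
            issues.append(f"{p.name}: same VLAN tagged and untagged")
        if p.pvid in p.tagged:
            issues.append(f"{p.name}: PVID VLAN {p.pvid} is tagged, not untagged")
    return issues

# Port layout from the post: mg4 is the trunk toward Sophos (PVID 1, 117 tagged),
# xmg6 is the VLAN 117 access port (PVID 117, 117 untagged).
PORTS = [Port("mg4", 1, frozenset({117}), frozenset({1})),
         Port("xmg6", 117, untagged=frozenset({117}))]
```

Calling `egress(PORTS, PORTS[1])` shows the untagged client frame leaving mg4 tagged 117, and `check()` on a copy of xmg6 with 117 tagged instead of untagged flags the combination the post describes.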