Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Replies 4 replies
  • Subscribers 39 subscribers
  • Views 1186 views
  • Users 0 members are here
Options
Suggested

Unable to use the static IP in Sophos bridge mode

Anh Dung Nguyen

Hello everyone,

I’ve included my home network diagram and Sophos configuration below. After setting up Sophos Home (on ESXi) in bridge mode with VLANs, I assigned a static IP address of 192.168.11.10 to the bridge port. However, this IP address cannot ping the gateway (192.168.11.1), although I can access the web administrator interface from a VM using this IP.

I proceeded to set up the VLAN interfaces. If I use static IPs, my router (RouterOS CHR) cannot detect them or ping the gateways. I can only use DHCP. However, clients (servers, PCs, phones, etc.) can access the internet using either static IP or DHCP, and they can ping the gateway without issues (except for the management VM, cannot ping the gateway).

What could be wrong or missing in my configuration?

I’m a newbie with Sophos and not a professional in networking, so I would greatly appreciate any help you can provide. Thank you very much!

Network diagram:

Bridge interface:

VLAN interfaces:

Rules config:

RouterOS DHCP and ARP table:



Added V20.0 MR2
[edited by: Erick Jan at 3:50 PM (GMT -7) on 2 Sep 2024]
Parents
  • +1

    Hello,

    Thank you for contacting Sophos Community!

    The Firewall bridge port IP (192.168.11.5) and Mikrotik router IP as 192.168.11.1. As these belongs to same range, it should be reachable without any additional configuration.

    I suggest collecting the tcpdump on gateway IP while initiating the ping from the firewall. Login to the CLI of the firewall and go to option number 5 and 3. Use the below commands simultaneously.

    #tcpdump -nei any host 192.168.11.1
    #ping 192.168.11.1

    We may receive number of traffic but that can be filtered. Kindly make sure that you saves the putty session output for the tcpdump command to validate each packet going out and coming in.

    Mayur Makvana
    Technical Account Manager | Sophos Technical Support
    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question please use the 'Verify Answer' button.

  • +1 in reply to Mayur Makvana

    Updated:

    Dear all,

    I have found the root cause: the IP gateway addresses were incorrectly configured on RouterOS and Sophos. When I configured the bridge IP, I entered the gateway as 192.168.11.1 on Sophos. However, this IP was incorrect. I tried using 192.168.11.2 instead, and it worked.

    Thanks Sophos Community, Mayur for your help. I appreciate it.

Reply Children
Unfiltered HTML