How to configure a bridge?

Hi Albert,

Once you save this configuration, what is the IP address of the firewall you type in to access it? You mentioned that the LAN IP was 172.16.16.4, and your configuration indicates that it’s 172.16.16.254

Try accessing the firewall through the configured IP of 172.16.16.254. And let us know if it works

Hello Albert,

From what interface do you access the Firewall when you perform the bridge configuration?

If you're accessing from outside the 172.16.16.x/24 network, then you're expected to lose network connectivity on your firewall since you bridge them altogether into that network scheme.

Further, I believe that from your setup, as stated in your intention:

albert cutrona said:

My intention is to use one port for the WAN and the other three for the LAN

- is possible to achieve this without configuring a LAN WAN Bridge. You may only need 1 WAN Port and LAN Interface/s (You may still, bridge the 3 LAN interface if needed on your network requirement) as I see it’s that the setup goes like:

ISP router/Home router->Sophos Firewall Home->Network

- and thus may not need to bridge WAN with LAN unless there's an existing setup that you do not want to change/disrupt network settings anymore but would need to put Sophos Firewall in-between.

However, If my assumptions are incorrect. Could you please share a diagram of the setup you are trying to achieve.

Regards,

Hello Raphael, thank you very much for your help!! 

   - Port 1: 172.16.16.4/24    

   - Port 2: 172.16.16.5/24    

   - Port 3: 172.16.16.6/24    

If this is so, I have to say that I have already tested it and, obviously, it works. But, then I can access the firewall management from three different IPs, I don't know if that is correct.   

This is the diagram of what I want to achieve on production, the same as what I have now but with two extra ports to serve the LAN:

This is an exact photo of the equipment I bought:

On this mini pc I will install Proxmox, and it will only be used to run virtualized Sophos. I want to make it clear that I do these tests in a virtual environment, so I can make sure that when I go into production everything will go well.

Kind regards!!

Hello Raphael Alganes 

Hello,
I keep thinking about how to solve this issue. When configuring the ports, it is essential to assign them an IP address. Is it possible to limit management access to only one LAN port?

Kind regards!! 

Hello Albert, 

You can instead limit those who can access the device using Local Service ACL: https://docs.sophos.com/nsg/sophos-firewall/20.0/help/en-us/webhelp/onlinehelp/AdministratorHelp/Administration/DeviceAccess/index.html

Best Practices to manage SF: https://docs.sophos.com/nsg/sophos-firewall/20.0/help/en-us/webhelp/onlinehelp/AdministratorHelp/Administration/DeviceAccess/DeviceAccessBestPractices/index.html

Hope this helps. 

Regards,

Hello Raphael Alganes !!

Raphael Alganes said:

You can instead limit those who can access the device using Local Service ACL

As you suggest, this way I can limit access to the device from certain interfaces:

That's an acceptable solution to my original question, config three ports in the same subnet.

I've to say that after playing with the VM, I've realized that bridge interfaces only works with the ones that don't have the gateway of the DHCP.

Thank you very much for your help and kind regards!! 

Hello Albert,

Thank you for taking the time to update us. We're glad we can help with your concern.

Have a nice day and thank you for choosing Sophos.

Regards,