
How to configure a bridge?

Hello!!

In my home network, I have a mini PC with two ports running Proxmox and a virtualized Sophos Firewall Home Edition.

I have purchased a mini PC with four ports to replace the one I currently have. While I wait for it to arrive, I decided to do some testing with a VirtualBox virtual machine where I simulated a WAN port and a LAN port. The WAN port receives the IP 192.168.3.37 via DHCP, and the LAN port has the IP 172.16.16.4.

Next, I added two more virtual NICs so that in Network > Interfaces, the two new ports appear.

My intention is to use one port for the WAN and the other three for the LAN. Following the official documentation:

https://docs.sophos.com/nsg/sophos-firewall/20.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Network/Interfaces/NetworkBridgeInterfaces/index.html

I tried to create a bridge to have the three ports with the same IP 172.16.16.254, and here's a screenshot of the configuration:

When I save the configuration, I lose access to the firewall. To regain access, I have to perform a factory reset.

What am I doing wrong?

Kind regards!!



Edited TAGs
[edited by: Raphael Alganes at 11:53 PM (GMT -7) on 2 Sep 2024]
  • Hello Albert,

    From what interface do you access the Firewall when you perform the bridge configuration?

    If you're accessing from outside the 172.16.16.x/24 network, then you're expected to lose network connectivity to your firewall, since you bridge them all together into that network scheme.

    Further, I believe that from your setup, as stated in your intention:

    My intention is to use one port for the WAN and the other three for the LAN

    - it is possible to achieve this without configuring a LAN-WAN bridge. You may only need 1 WAN port and LAN interface/s (you may still bridge the 3 LAN interfaces if your network requires it), as I see that the setup goes like:

    ISP router/Home router->Sophos Firewall Home->Network

    - and thus you may not need to bridge WAN with LAN, unless there's an existing setup whose network settings you do not want to change/disrupt but where you need to put Sophos Firewall in between.

    However, if my assumptions are incorrect, could you please share a diagram of the setup you are trying to achieve?

    Regards,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support

  • Hello Raphael, thank you very much for your help!!

    My virtual lab (VirtualBox) consists of a Sophos with four virtual NICs and a PC on the LAN, all running on my personal PC. After making the configuration, I try to access the firewall management with IP 172.16.16.254 from the PC that is on the same network 172.16.16.0/24.

    Raphael Alganes said:
    - it is possible to achieve this without configuring a LAN-WAN bridge. You may only need 1 WAN port and LAN interface/s (you may still bridge the 3 LAN interfaces if your network requires it), as I see that the setup goes like:

    In this case, if I want to have three ports on the same LAN, I should configure each one with its IP, for example:

       - Port 1: 172.16.16.4/24    

       - Port 2: 172.16.16.5/24    

       - Port 3: 172.16.16.6/24    

    If this is so, I have to say that I have already tested it and, obviously, it works. But then I can access the firewall management from three different IPs, and I don't know if that is correct.

    This is the diagram of what I want to achieve on production, the same as what I have now but with two extra ports to serve the LAN:

    This is an exact photo of the equipment I bought:

    On this mini PC I will install Proxmox, and it will only be used to run virtualized Sophos. I want to make it clear that I do these tests in a virtual environment, so I can make sure that when I go into production everything will go well.

    Kind regards!!
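
A pre-change check for the two layouts discussed in this thread (three separately addressed LAN ports versus one bridge at 172.16.16.254), added here as an illustration and not part of the original posts or of any Sophos tooling. It flags same-subnet addressing, multiple management addresses, a WAN port inside a bridge, and the lockout case where the admin workstation is outside the LAN subnet. The port names, `br0`, the `/24` on the WAN address and the admin workstation addresses are assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed plans. Port names, br0 and the WAN /24 are assumptions.
THREE_IPS = [
    {"name": "Port1", "zone": "LAN", "cidr": "172.16.16.4/24"},
    {"name": "Port2", "zone": "LAN", "cidr": "172.16.16.5/24"},
    {"name": "Port3", "zone": "LAN", "cidr": "172.16.16.6/24"},
    {"name": "Port4", "zone": "WAN", "cidr": "192.168.3.37/24"},
]
BRIDGED = [
    {"name": "br0", "zone": "LAN", "cidr": "172.16.16.254/24",
     "members": ["Port1", "Port2", "Port3"]},
    {"name": "Port4", "zone": "WAN", "cidr": "192.168.3.37/24"},
]

def review_plan(interfaces, admin_ip):
    """Return a list of findings for a planned layer-3 interface layout."""
    admin = ipaddress.ip_address(admin_ip)
    lan = [(i["name"], ipaddress.ip_interface(i["cidr"]))
           for i in interfaces if i["zone"] == "LAN"]
    findings = []
    # 1. Separate routed LAN ports addressed inside the same subnet.
    for (a, ia), (b, ib) in combinations(lan, 2):
        if ia.network.overlaps(ib.network):
            findings.append(f"overlap: {a} and {b} are both in {ia.network}")
    # 2. Each LAN address is one more place the admin console answers
    #    (assumes admin access is allowed from the LAN zone).
    if len(lan) > 1:
        addrs = ", ".join(str(i.ip) for _, i in lan)
        findings.append(f"management reachable on {len(lan)} addresses: {addrs}")
    # 3. Is the admin workstation on-link with a LAN interface afterwards?
    if not any(admin in i.network for _, i in lan):
        findings.append(f"lockout risk: {admin} is outside every LAN subnet in the plan")
    # 4. A bridge whose member list pulls in the WAN port.
    wan = {i["name"] for i in interfaces if i["zone"] == "WAN"}
    for i in interfaces:
        hit = sorted(wan & set(i.get("members", [])))
        if hit:
            findings.append(f"bridge {i['name']} includes WAN port(s): {', '.join(hit)}")
    return findings

if __name__ == "__main__":
    for label, plan, admin in [("three IPs", THREE_IPS, "172.16.16.10"),
                               ("bridge", BRIDGED, "172.16.16.10"),
                               ("bridge, admin on WAN side", BRIDGED, "192.168.3.50")]:
        print(label, "->", review_plan(plan, admin) or "no findings")
```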
