Comcast Gateway Modem with Built In Wireless Model CBR2_t

Hi BobbyDigital ,

Thank you for reaching out to the community, you can configure any device behind Sophos firewall and treat that device in a LAN/DMZ zone...

Hello Vivek Jagad,

I think his "Gateway" is in front of the firewall.So he seems to be looking to route this to the firewall and then gain control over the traffic from the wireless.

BobbyDigital : Usually those boxes do a bridging with the wireless to the local LAN interface and the defined network at that interface. If the Comcast-Box is able to switch from bridging to routing and has the ability to define a second network for the integrated wireless access point, then you have a chance to achieve what you want. Then you need to route this traffc to the interface of the firewall.

Hello Vivek Jagad 

You are absolutely correct. The Comcast gateway is in front of the firewall. I've reached out to Comcast support both tier 1 and tier 3 (allegedly). They all pointed me to this article - https://forums.businesshelp.comcast.com/conversations/equipment/true-bridge-mode-vs-passthrough-mode/5fe0a58dc5375f08cd7d88fe

It's an interesting read but does not give me the ability in any mode configuration to assign a second network for the integrated wireless traffic. I'm guessing I might just have to purchase a XG online with built in wireless on the Sophos firewall as this would probably solve my issue. 

Thanks for all responses. 

Hello Vivek Jagad and PhilippRusch 

Yes. You are correct. The Gateway is in front of the firewall. I spoke with support and the only options are either True Bridge Mode or Pass-Through Mode. From reading the differences between the two modes. Neither will allow me to define a second network for the wireless traffic traversing the gateway. Looks like my only option is to disable the wireless and either purchase another Access Point or purchase a Sophos XG(W) with built in wireless from eBay. 

Again, thanks for all responses. 

Hi,

 are you running a home licence or similar, the AP hardware does not work, not supported.

You should be able to disable the wAN interface and use a LAN port to connect to the AP in the modem.

Ian

Hello rfcat_vk  

Thanks for the heads up about the AP hardware not working. Yes, I'm running a home license. 

Are you saying that I should be able to configure the firewall to filter the wireless traffic on the Comcast gateway just by disable the WAN interface and using the LAN port on the modem as the gateway when connected to the Sophos firewall. 

Can you help me understand how that would work? keep in mind the comcast modem IS the internet gateway. Disabling the WAN interface will cause me to lose internet. 

If i'm wrong please help me understand what am i missing here

Thanks for all responses.

Hello rfcat_vk  

Thanks for the heads up about the AP hardware not working. Yes, I'm running a home license. 

Are you saying that I should be able to configure the firewall to filter the wireless traffic on the Comcast gateway just by disable the WAN interface and using the LAN port on the modem as the gateway when connected to the Sophos firewall. 

Can you help me understand how that would work? keep in mind the comcast modem IS the internet gateway. Disabling the WAN interface will cause me to lose internet. 

If i'm wrong please help me understand what am i missing here

Thanks for all responses.

Hi,

the idea is based the assumption that the XG can interface to your ISP connection and the ISP modem is connected to a LAN interface on your XG.

If the XG cannot connect to the ISP connection then the idea fails.

Ian

Hello rfcat_vk  

Its a fiber connection that has to go into the provided Comcast internet gateway first. Then I can forward all traffic to the Sophos firewall for the resources that are behind the firewall. Anything connecting directly to the gateway will be in front of the firewall. I.E. the wireless traffic connecting to the comcast gateway. So far I have not found a way to fix this part. 

It sounds like I may just have to purchase a 3rd party Access Point.

Again, thanks for all responses. 

Hi,

can the XG process the ISP connection protocols, if so you might try a fibre to ethernet convertor?

Ian

Hello rfcat_vk  

Unfortunately the gateway has to be connected in order to provide the internet access. I tried connecting directly but so far no luck. So as it stands it's no way for me to get the comcast gateway to sit behind the sophos firewall. 

I will just purchase an AP and call it a day. 

Again, thanks for all the responses.