
Problem with VLAN configuration SOPHOS, PROXMOX

Hi. I have a problem receiving network traffic in PROXMOX_DMZ. I want two networks to be available in this

PROXMOX_DMZ:
1. DMZ NETWORK
2. DMZ VLAN 1721

My devices and the connections between them

Incoming traffic to the Mikrotik

ISP -> PORT WAN/vmbr0 PROXMOX_MAIN -> PORT DMZ/vmbr2 -> PORT 4 MIKROTIK

Outgoing traffic from the Mikrotik

MIKROTIK PORT 3 -> PROXMOX_DMZ

VLAN

VLAN - VLAN ID 1721:

PROXMOX_DMZ:

auto eno1
iface eno1 inet manual

auto eno1.1721
iface eno1.1721 inet manual

auto vmbr0
iface vmbr0 inet static
address 192.168.2.2/24
gateway 192.168.2.1
bridge-ports eno1
bridge-stp off
bridge-fd 0

auto vmbr1
iface vmbr1 inet static
address 172.16.0.2/24
bridge-ports eno1.1721
bridge-stp off
bridge-fd 0
[edited by: Dominik Potocki at 9:41 AM (GMT -8) on 5 Nov 2024]
  • Hello!

    I'm not familiar with Mikrotik switches, but one thing you're doing wrong is this: don't create VLAN interfaces at Proxmox; you should think of a Linux Bridge = Physical Interface on the Sophos side. (And enable the option "VLAN Aware" on each Linux Bridge (interface) at Proxmox.)

    Also, don't create OVS Ports as VLANs; you should only use a Linux Bridge and then select the desired VLAN for the VM/LXC in its own configuration. Example:

    At last, what exactly is the issue in here? You created the VLAN, but you're not receiving traffic on the "DMZ" side?

    EDIT: I can't answer your private message, as you haven't enabled the option in the Community to accept messages from other members.


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 GA @ Home

    Sophos ZTNA (KVM) @ Home

  • Thank you for your reply

    The problem is with the DMZ interface 'enp6s0' in PROXMOX_MAIN. I have a Linux Bridge vmbr2 configured with enp6s0; this is one of my physical network cards.

    The goal is to get a DMZ network and VLAN id 1721 on PROXMOX_DMZ
    Eventually I want to expose services from VLAN id 1721 to the world but I want them to be separate from the DMZ network.

    I can skip the Mikrotik switch and connect PROXMOX_MAIN directly to PROXMOX_DMZ (if you think this is an easier option)

    PROXMOX_MAIN (enp6s0 (vmbr2)) ---> (eno1) PROXMOX_DMZ
    (I tried before but nothing worked)

    With vSwitch this worked fine, but with DMZ I have to use Linux Bridge because one of the systems on the VM does not support vSwitch and I cannot configure the network interfaces configured by vSwitch.

  • Then my current configuration is ok? It seems to be working now.

    I connected directly (without switch)
    PROXMOX_MAIN ----> PROXMOX_DMZ

    Probably missing before
    eno1.1721
    VM SOPHOS
    PROXMOX_MAIN

    PROXMOX_DMZ
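
For comparison with the working config above, the VLAN-aware bridge layout the first reply recommends, written out as an added example (not the poster's or the replier's configuration): the PROXMOX_DMZ host keeps a single bridge on eno1, creates no eno1.1721 subinterface, and the VLAN tag is set on the guest's virtual NIC instead. The addresses are taken from the thread's config; the VM id 100 is a placeholder.

```text
# /etc/network/interfaces on PROXMOX_DMZ (ifupdown2 syntax used by Proxmox VE)
# Added example: one VLAN-aware bridge carries both the untagged DMZ network
# and VLAN 1721; guests pick their VLAN via the tag on their NIC.

auto eno1
iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
    address 192.168.2.2/24          # host address on the untagged DMZ network
    gateway 192.168.2.1
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes           # bridge forwards tagged frames per VLAN
    bridge-vids 2-4094              # or limit to the VLANs in use, e.g. 1721

# No eno1.1721 and no vmbr1 on the host. The VLAN is chosen per guest NIC:
#   qm set 100 -net0 virtio,bridge=vmbr0,tag=1721    # VM id 100 is a placeholder
# Guests on the plain DMZ network keep bridge=vmbr0 with no tag.
#
# If the host itself needs an address inside VLAN 1721, put it on the bridge's
# own VLAN interface rather than on a second bridge:
#   auto vmbr0.1721
#   iface vmbr0.1721 inet static
#       address 172.16.0.2/24
```

Either layout only delivers VLAN 1721 traffic if the link into eno1 is a trunk, so vmbr2 on PROXMOX_MAIN (or the Mikrotik port in between) must pass frames tagged 1721 through alongside the untagged DMZ traffic.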