
XGS 108 in combination with Asus Router

Hi!

I recently got an XGS 108 for home use; however, I am a little lost on how to set up my network now. Currently, I have an ISP modem acting as a bridge, then an ASUS router in a mesh wifi with an access point. The ASUS router is handling DHCP management. In addition, I have a Raspberry Pi for home automation and running AdGuard. Basically, my ASUS is acting as router and switch at the same time. Ideally, I would not want to have an additional switch due to space restrictions and keep the setup that way, only with a firewall between ASUS and ISP modem. I do not care if the XGS or ASUS is allocating IP addresses.

Similar to this picture:

  (credits to: https://community.spiceworks.com/t/firewall-with-router-switch-combo/552808/9 for the picture)

As of now, my ASUS is distributing IPs in the 192.168.1.xxx range.

The ISP modem has an IP of 192.168.100.1.

How do I configure the XGS so that it fits into that scheme (and ideally also allocates IPs in the 192.168.1.xxx range)? And how do I wire the firewall in that setup? I assume it might be: ISP modem --> XGS WAN port. XGS LAN port --> ASUS WAN port. ASUS LAN ports --> Raspberry, other devices in need of a wired connection.

Thank you!



Edited TAGs
[edited by: Raphael Alganes at 11:23 AM (GMT -8) on 6 Nov 2024]
  • Hello,

    Your current setup should work: ISP modem --> XGS WAN port. XGS LAN port --> ASUS WAN port. ASUS LAN ports --> Raspberry, other devices.

    I assume the ASUS router would NAT traffic going to the Sophos Firewall, so when filtering, creating FW rules, etc., you might see one NATted IP only, but connectivity-wise they should function.

    If your ASUS router can do L2/bridge, then connect all your wired devices to it (it or the Sophos Firewall can be the DHCP), as long as it doesn't do NAT or L3 functions (to simplify your setup and configuration). Then connect it to your Sophos Firewall (this is where you NAT going to the ISP modem router, and SF will also be the DG). It seems this way that you have control and visibility over your network devices when creating your FW policies.

    Hope this helps with your home setup.

    Regards,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support

  • Hi Raphael,

    Thanks for the prompt reply. I believe I partly understood your post. To make things more tangible for me, my ASUS router can either operate in Router or AP mode. In AP mode, it does not manage DHCP, so, as I understand your post, AP mode would presumably be the "bridge" mode, right? In the manual of ASUS, it says that: "AiMesh Routers in AP mode connect to a wireless router through an Ethernet cable to extend the wireless signal to other network clients. In this mode, the firewall, IP sharing, and NAT functions are disabled by default."

    So, the XGS would then do DHCP? Which brings me to my next question: which mode do I need to select in the XGS setup? It would then be the Router Mode, correct? And which network settings do I then set in the XGS? Same as now, meaning an IP in the range of 192.168.1.xxx and a 255.255.255.0 subnet, or something else? And which IP for the gateway? The 192.168.100.1 of my ISP modem or the 192.168.1.1 that my ASUS currently has? And how would you do the setup? Right now, I have my XGS connected to one of the ports on my ISP modem and one of the ports of the ASUS. Should I do the setup like this and only later change it to the setup you mentioned, or should I set it up already in the one you mentioned (potentially risking not being able to connect to the XGS anymore because the ASUS might be in AP mode then, or the XGS might switch networks, since, as I understood it, the XGS defaults to a different IP segment than 192.168.1.xxx)?

    Thank you!

  • In case anyone comes across this in the future:

    I kicked out the ASUS/merely use it as an AP right now. The XGS does the DHCP and the Raspberry (running Home Assistant/AdGuard) is plugged into the XGS and serving as a DNS.

    My physical layout looks like this: ISP/Modem ---> LAN cable to the XGS WAN port ---> LAN cable from XGS LAN port to ASUS router WAN port

    I first set up the DHCP on the XGS and then put the ASUS in AP mode, then replugged the cables in the above-mentioned order.

    I set all ports in the XGS as a bridge so they all have LAN access and then made a rule so that the XGS allows LAN traffic between these ports (important to access the Raspberry).
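
The layout this thread ends on (firewall as gateway and DHCP server, ASUS in AP mode, Raspberry Pi as DNS) can be sanity-checked on paper before any cables are replugged. The following is an added example, not part of any post above; the DHCP pool, the fixed host addresses and the /24 on the modem side are constructed assumptions, while 192.168.1.xxx and 192.168.100.1 come from the thread.

```python
import ipaddress

def check_plan(plan):
    """Return a list of problems in a firewall-centred home addressing plan."""
    ip = ipaddress.ip_address
    lan = ipaddress.ip_network(plan["lan_subnet"])
    upstream = ipaddress.ip_network(plan["upstream_subnet"])
    gw, dns = ip(plan["lan_gateway"]), ip(plan["dhcp_dns"])
    start, end = ip(plan["dhcp_start"]), ip(plan["dhcp_end"])
    statics = {name: ip(a) for name, a in plan["static_hosts"].items()}
    problems = []

    # The firewall routes between WAN and LAN, so the two sides must differ.
    if lan.overlaps(upstream):
        problems.append("LAN and upstream subnets overlap")
    if gw not in lan or gw in (lan.network_address, lan.broadcast_address):
        problems.append("gateway is not a usable LAN host address")
    if not (start in lan and end in lan and start <= end):
        problems.append("DHCP pool is not a valid range inside the LAN")
    if start <= gw <= end:
        problems.append("gateway is inside the DHCP pool")
    # Fixed devices (DNS box, AP) must stay out of the dynamic pool.
    for name, addr in statics.items():
        if addr not in lan:
            problems.append(f"{name} {addr} is outside the LAN")
        elif start <= addr <= end:
            problems.append(f"{name} {addr} is inside the DHCP pool")
    # Clients learn this resolver via DHCP; it needs a fixed address.
    if dns != gw and dns not in statics.values():
        problems.append(f"DHCP hands out DNS {dns}, which has no fixed address")
    return problems

# Constructed plan: only the two address ranges are taken from the thread.
PLAN = {
    "upstream_subnet": "192.168.100.0/24",  # modem is 192.168.100.1; /24 assumed
    "lan_subnet": "192.168.1.0/24",
    "lan_gateway": "192.168.1.1",           # assumed: firewall takes over .1
    "dhcp_start": "192.168.1.100",
    "dhcp_end": "192.168.1.200",
    "dhcp_dns": "192.168.1.2",
    "static_hosts": {"raspberry-pi": "192.168.1.2", "asus-ap": "192.168.1.3"},
}

if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan is consistent"]:
        print(line)
```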