Bridge mode limitations

Question

Hi guys, 
 What are the limitations for the bridge mode? I heard that the site to site vpn was not possible, what else? Red? VPN Ssl? 
 Thank in advance

Leon.Friend · Accepted Answer

scaledem said: 
 Hi, 
 Can you clarify the following point : 
 Is it possible to do HA with bridge ? 
 Is it possible to filter https with bridge ? 
 
 Yes, the policy engine still functions as such you can perform HTTPS Decryption, Web Filtering, Application Filtering, Traffic Shaping, Malware Scanning, Identity Integration and implement the Firewall/Policy Rules. 
 HA is supported in Mixed mode / Gateway Mode. 
 More information can be found in the knowledge base at 
 - How to Configure Bridge in Sophos Firewall: https://community.sophos.com/kb/en-us/123098 
 - Deploy Sophos Firewall in Bridge Mode: https://community.sophos.com/kb/en-US/122973

Leon.Friend · Answer

Hi Scale Dem, 
 As Luk mentioned bridge mode does not support VPN Termination (covers site2site/remote/RED), Multiple WAN Links. 
 The best way to think of it is that in bridge mode the XG appliance is not acting as a router/traditional firewall because it is sitting in line of the traffic flow (it only get a single IP address in the network for management purposes such as GUI and Identity), this means it is not terminating connections in the traditional sense (which prevents us from providing the above functionality). 
 If your requirement is to provide this functionality you could deploy the XG Appliance in Gateway Mode, replacing your existing firewall/router. Additionally you could enable mixed mode by creating a bridge segment for a part of the network it might not see as the network gateway. 
 Information on how to setup bridge mode can be found @ https://community.sophos.com/kb/en-US/122973 
 Hope this helps clarify the setup for you

FloSupport · Answer

To update this thread for any other users searching for this info: 
 HA is supported in Bridge mode, when you configure the Bridge from the GUI interface page. 
 However, the only limitation is that if we configure bridge mode using the wizard, then HA will be disabled.