
Bridge mode limitations

Hi guys,

What are the limitations of bridge mode? I heard that site-to-site VPN was not possible; what else? RED? VPN SSL?

Thanks in advance



This thread was automatically locked due to age.
  • Scale,

    "Some functions cannot be used in bridge mode and require either gateway mode or mixed mode; these include:


    • Using the Sophos XG Firewall as a VPN concentrator
    • Multiple WAN links"

    Regards.

    • Thanks Luk!

      What does VPN concentrator mean? Does it mean all VPN activities (site2site, RED, remote access)?

      • Hi Scale Dem,

        As Luk mentioned, bridge mode does not support VPN Termination (covers site2site/remote/RED) or Multiple WAN Links.

        The best way to think of it is that in bridge mode the XG appliance is not acting as a router/traditional firewall because it is sitting in line with the traffic flow (it only gets a single IP address in the network for management purposes such as GUI and Identity). This means it is not terminating connections in the traditional sense (which prevents us from providing the above functionality).

        If your requirement is to provide this functionality you could deploy the XG Appliance in Gateway Mode, replacing your existing firewall/router. Additionally you could enable mixed mode by creating a bridge segment for a part of the network it might not see as the network gateway.

        Information on how to set up bridge mode can be found at https://community.sophos.com/kb/en-US/122973

        Hope this helps clarify the setup for you

        Leon Friend

        Sophos Sales Engineer

        Sophos XG Firewall - Certified Architect, Sophos Certified Engineer, Cyberoam CCNSE, Cyberoam CCNSP

        • Leon,

          it is not always possible to deploy UTM/XG in routing mode and replace the existing firewall. HA in bridge mode, if I remember correctly, is supported on UTM. Also some other VPN features are supported. Can you confirm that?

          Thanks.

          • Hi Leon,

            is there any other functionality that Sophos XG in pure bridge mode does not have, compared with gateway mode, apart from router functionality? Like Web/App control, ATP, Security Heartbeat?

            Thanks in advance.

            Regards,

            Jose 

            • Hi Jose,

              Web Protections such as Web Filtering and Application Control are supported; likewise, Network Protections such as IPS/ATP and security heartbeat are supported.

              Hope this helps

              Leon Friend

              Sophos Sales Engineer

              Sophos XG Firewall - Certified Architect, Sophos Certified Engineer, Cyberoam CCNSE, Cyberoam CCNSP

              • Hi,

                Can you clarify the following points:

                Is it possible to do HA with bridge?

                Is it possible to filter HTTPS with bridge?

                • scaledem said:

                  Hi,

                  Can you clarify the following points:

                  Is it possible to do HA with bridge?

                  Is it possible to filter HTTPS with bridge?

                  Yes, the policy engine still functions; as such, you can perform HTTPS Decryption, Web Filtering, Application Filtering, Traffic Shaping, Malware Scanning, Identity Integration and implement the Firewall/Policy Rules.

                  HA is supported in Mixed mode / Gateway Mode.

                  More information can be found in the knowledge base at 

                  - How to Configure Bridge in Sophos Firewall: https://community.sophos.com/kb/en-us/123098

                  - Deploy Sophos Firewall in Bridge Mode: https://community.sophos.com/kb/en-US/122973 

                  Leon Friend

                  Sophos Sales Engineer

                  Sophos XG Firewall - Certified Architect, Sophos Certified Engineer, Cyberoam CCNSE, Cyberoam CCNSP

              • To update this thread for any other users searching for this info:

                HA is supported in Bridge mode, when you configure the Bridge from the GUI interface page.

                However, the only limitation is that if we configure bridge mode using the wizard, then HA will be disabled.


                Florentino
                Director, Global Community & Digital Support
