
Sophos XG Bridge Mode in Multi VLAN Environment

Hello,


I am attempting to set up XG in bridge mode on a multi-VLAN link between the switch infrastructure and the main routing equipment (the trunk from the switches to the router). Based on the documentation, XG claims that this will be handled automatically. However, this does not appear to be the case: regardless of what is attempted, there is no connectivity on any of the VLANs involved (cannot reach a VLAN gateway such as 10.0.50.1 for VLAN 50), but the devices can still reach the Sophos XG device.

Are there additional setup steps that I have missed during my deployment that are needed to make XG work as desired? I do notice that there have been issues with this kind of setup in the past. Has this since been changed in a more recent release, or is this still a limitation of XG (not being able to handle multiple VLANs in bridge mode)? To make things clear, the router is to handle all inter-VLAN and VLAN routing; the Sophos device is set to bridge mode to act as an inline security device.

  • Hi CameronSekulin,

    It should work. You may need to configure a rule between the two zones and disable firewall acceleration:

    console>system hardware_acceleration disable

    If it does not work, please post the output of the packet capture to the gateway.

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support


  • How did you end up configuring your system?

  • Hello,

    Sorry to bring back an old thread.

    Having a similar issue. None of my VLAN users behind the Sophos XG home unit in bridge mode can get a DHCP IP address from my router (USG) or connect to the internet.

    I was able to fix the DHCP issue by adding a rule to allow DHCP to flow through, and this let the devices in all of my 6 VLANs get an IP address in the correct subnet from the router.

    All devices are now only able to get to the Sophos portal and not beyond. I can't ping ANY device that's not on the VLAN behind the Sophos, or the default gateway.

    Tried resetting my unit to factory and redoing the config... nothing works. I am on the latest code.
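To make sense of the packet capture the support reply asks for, and to check whether the DHCP traffic the last reply had to allow is actually crossing the bridge, here is an added Python example (not code from the thread or from Sophos) that classifies 802.1Q-tagged frames per VLAN as they would appear on a bridge port. The frames are constructed inline; VLAN 50 and the gateway 10.0.50.1 are taken from the original post, while VLAN 60 and the host 10.0.50.20 are assumed sample values.

```python
import struct
from collections import defaultdict

def tagged_frame(vlan_id: int, ethertype: int, payload: bytes) -> bytes:
    """Constructed 802.1Q frame: dst MAC, src MAC, TPID 0x8100, TCI, inner ethertype."""
    dst, src = b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01"
    return dst + src + struct.pack("!HHH", 0x8100, vlan_id & 0x0FFF, ethertype) + payload

def ipv4_packet(proto: int, src: str, dst: str, l4: bytes) -> bytes:
    """Minimal IPv4 header (IHL=5, checksum left 0) followed by the L4 bytes."""
    s, d = bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0, s, d) + l4

def classify(frame: bytes) -> tuple:
    """Return (vlan_id or None, label) for one frame as captured on a bridge port."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, off = None, 14
    if ethertype == 0x8100:                 # 802.1Q tag present: read VLAN ID, skip 4 bytes
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18
    if ethertype == 0x0806:
        return vlan, "arp"
    if ethertype != 0x0800:
        return vlan, "other"
    ihl = (frame[off] & 0x0F) * 4
    proto = frame[off + 9]
    dst = ".".join(str(b) for b in frame[off + 16:off + 20])
    if proto == 17:                         # UDP: DHCP uses ports 67/68
        sport, dport = struct.unpack("!HH", frame[off + ihl:off + ihl + 4])
        return vlan, "dhcp" if {sport, dport} & {67, 68} else f"udp->{dst}"
    if proto == 1:
        return vlan, f"icmp->{dst}"
    return vlan, f"ipproto{proto}->{dst}"

def per_vlan_summary(frames) -> dict:
    """Map each VLAN ID seen to the set of traffic labels observed on it."""
    seen = defaultdict(set)
    for f in frames:
        vlan, label = classify(f)
        seen[vlan].add(label)
    return dict(seen)

# Constructed capture: DHCP discover on VLAN 50, ping to the VLAN 50 gateway, ARP on VLAN 60.
SAMPLE_FRAMES = [
    tagged_frame(50, 0x0800, ipv4_packet(17, "0.0.0.0", "255.255.255.255", struct.pack("!HHHH", 68, 67, 8, 0))),
    tagged_frame(50, 0x0800, ipv4_packet(1, "10.0.50.20", "10.0.50.1", struct.pack("!BBHHH", 8, 0, 0, 1, 1))),
    tagged_frame(60, 0x0806, b"\x00\x01\x08\x00\x06\x04\x00\x01" + b"\x00" * 20),
]
```

Feed it frames decoded from captures on both bridge ports: a VLAN whose DHCP or ICMP-to-gateway entries appear on the inside port but not the outside one is being dropped by the XG (zone rule or acceleration setting), not by the switch or router.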