Internet with Single WAN to Multiple LAN Sophos XG

Hello Everybody.

First, excuse me for my English, I'm French.

So now, I need your help please because I'm lost.
I'm a new user of Sophos XG. I'm a student and I work in an enterprise.
The enterprise is equipped with an XG 115W appliance and a Netgear D6200 router.

Context:
As part of a project, I must create a second infrastructure isolated from the first.
For the moment, the enterprise is configured this way:
- a bridge between the LAN (of the enterprise) and the WAN, with IP: 192.168.0.3
- WAN IP: 192.168.0.1
- 2 links are available on the appliance, so 1 link for my infrastructure.

So how can I proceed to isolate my infrastructure with this limitation?
My research has given one solution: use NAT.
But I am stuck on the NAT configuration.
Please find the infrastructure attached. The red rectangle concerns my part.

Do you have an idea?



  • Hi Max.

    I tried your solution. But a bridge is present between LAN1 and WAN.
    The DMZ was an idea. LAN and DMZ must be in the same network, LAN with DMZ.
    And I cannot associate LAN with DMZ (restriction of the enterprise). I have created a second LAN2 zone to isolate it from LAN1.
    If I add LAN2 to the bridge, I do not have Internet despite network rules.
    I also tried to create a NAT rule, but nothing.

    For additional information:
    The router in the enterprise is for the moment not manageable.
    The Sophos appliance is configured in bridge mode and cannot be changed. There are only 4 ports on the appliance and I can use 2 ports maximum.
    My project is to create another infrastructure. By that I mean servers for: Active Directory for the new domain, DNS + DHCP, Exchange and its clients.

    That's why I have to be on an independent zone to not be in conflict with the present domain.

    So what can I do?

    Thank you in advance for your answers and sorry if I repeat myself.

    Regards,

    PBJM