Sophos XG SFOS v18 EAP3 - Bridge Mode in Multi VLAN Environment

Hi,

I am attempting to set up XG in L2 bridge mode on a multi-tagged VLAN LAG link between the switch infrastructure and the main routing firewall equipment (the trunk from the switches to the main routing firewall). It is only for trying Sophos XG security features like Synchronized Security, Sandbox, AntiMalware, Web Filter, Application Filter and HTTPS Inspection. It is not a real production environment. How do I properly create this L2 bridge? I am not sure about zones and tagged VLAN Sophos interface assignment, and about the correct firewall rule to let DHCP requests pass the Sophos XG L2 bridge. In the end, I will only test security functions on one of the VLANs. Other VLANs should not be affected. IP addresses are assigned from the original main routing firewall, which hosts the DHCP server for all my VLANs.

I'm not successful yet...

Thank you for your help.

Radovan J.

  • Hi,

    It looks like I can set up the bridge (with multiple tagged VLANs), but only IPv4 PING, DNS and DHCP traffic can pass. I didn't succeed with normal web traffic; I get a connection error, even if I create an ANY-ANY-ALLOW-ANY firewall rule to let everything pass. My XG is deployed in mixed mode (routing + L2 bridge + TAP/Discover mode).

    Radovan J.
