hi i previously posted a question on how to migrate trunk vlans from one port to another mew port for lag configuration. Once i did the transfer we lost connection with dhcp all clients cannot get ip address but once they get a static ip the communication…

I'm trying to setup a Central managed AP to a VLAN connected SSID to my Firewall. Pos A - If I'm connected directly to the Firewall with the AP, the AP can see and serve the internet to anyone connected to it. Pos B - If I'm connected through a…

Hello, I'm seeing more and more ISPs asking for CPE P-bit setting for their connections. As far as i know, Sophos Firewalls still doesn't support this forcing us to use a bridged router supporting this feature in front of the Sophos FW. Please consider…

Hi. I've been battling this for days and finally decided to post it here and seek help. I've pfSense as the main router and Sophos XG is in bridge mode (for application filtering purposes). There's 1x VLAN involved. The DHCP works fine for the main…

Hi everyone, We have an IPsec site-to-site VPN connection between our Sophos and Fortigate devices. Currently, both the gateway and tunnel are UP and functioning properly. VLAN 10 and VLAN 20 are included in the local subnet configuration on the Sophos…

Hi all, i have had a look at the Invalid Traffic page but as stated at the bottom doesnt resolve the issue, just reduces the number of logged entries My setup is as follows Core network is TPLink Omada (Manages the vlans) Sophos setup: Port1 …

TLDR - IEEE 802.1Q reserves VLAN ID 0 for a special purpose. Sophos XGS firewalls do not implement this special purpose correctly, preventing communication with some ISP Gateway modems. The request for proper implementation of VLAN ID 0 handling is being…

Hello, I've added a DHCP-Server for an interface on my XG. The interface is an RED-VLAN-Interface and ping from the switch is working. An Accesspoint connected to the switch did not get an IP-Adresse. Today we found out, that we have the same problem…

Hello all, I'm used to another known firewall vendor but I decided to give this for my home network a try since the other solution is way too expensive. My goal is to use a single link between my switch and my Sophos appliance so I do not need lots…

I have created a new vlan and dhcp on the XGS, configured the vlan on unifi wifi/switches, I am getting ip however I cannot get internet access. I don't want the vlan to access other vlans however I want computers inside the vlan to communicate with…

Hello Everyone, I am having a little configuration issue with my web server on a VLAN. All my VLANs have internet access but I can't seem to access my web server from outside my network. Can anyone post an example firewall rule from Public IP to VLAN…

Hi, We've run a flat lan for years at our main location. We've recently updated our network and added a few new VLANS to the mix. Now I have a problem. We have several Site-to-Site VPNs up and running that work great with our original VLAN1. However…

Hi, my current network looks like this. This is a double NAT scenario but works quite well. Now I got a Unifi USG for testing purposes. I'd like to add it between the Sophos XG and the Unifi Switch. The Sophos should keep on managing DHCP, DNS…

Hello, we got 2 new XGS450-firewalls. Currently the configuration is blank. The firewall should manage the vlan traffic. We have 3 branches. They are connected with a cisco mpls-network. Our internet-firewall in the mpls network: Should be…

Hello , I have 2 SSID Data (vlan 10) , building (vlan 20). I have one mobile device who sometimes connect with data , sometimes with building. I can make a reserved IP on Mac adres for vlan Data (10) , but i can not reserve another adres for vlan…

Hello Sophos Community, I am a Sophos beginner and have questions regarding the options for site connection via REDs or site-to-site VPN, as I have no practical experience here. What are my requirements? The idea is to connect 3 locations, whereby…

Hi, here is my setup, i have 2 VLAN ( 20 and 30 ) and both have DHCP enabled, and both have similar setting. VLAN is supposed to be used for Administration purposes and VLAN 30 for production traffic. VLAN 20 does not have access to Internet…

Hello. I wonder if Sophos Firewall could be set up to have each VLAN having different WAN gateways ? For example, VLAN 1 will go to WAN 1 and VLAN 2 will go to WAN 2, so that there will virtually be two networks. Originally, I was thinking to set…

I have an APX320 on Port1 of an XGS. The original setup was to first bridge Port1, PortF1, and Port4 onto a bridge, LAN_Bridge, and then have the AP send three of its SSIDs down VLANs and bridge the other SSID to its LAN (LAN_Bridge). So the VLANs (LAN_Bridge…

I had our Sophos XG87 configured by our reseller when we bought it, since I knew nothing about how to do it properly. I've learned a lot and have changed quite a few things, but want to make a foundational change that will require destroying several things…

Port 1 was configured for LAN Usage VLAN 20 was added to Port 1 Port 1 was then unbound, VLAN 20 went away. Created VLAN 2 on the (unbound) Port 1 Wanted to create VLAN 20 again and add to Port 1 as well Get message " Interface name exists.…

Hello, I have a bridged interface. Port 1, 4, and 8. VLANs 1, 10. the bridge is in the LAN zone. VLAN 10 supports nearly all traffic, VLAN 1 exists for a private wifi network that allows guests/vendors to use the internet, but prevents them from…

Hello, Please some help understanding the following scenario: VLAN ID - 400 VLAN ID - 410 On the network with vlan ID 400 I can use the ip gateway from VLAN ID 410 and it works! Rules are applied correctly (from VLAN ID 400). This happens in all the…

We have 1 WAN IP from our ISP 18 LAN IPs from the ISP Current setup is one CAT6 from ISP to Sophos Firewall. Firewall has the 1 WAN IP interface setup for internet We need a port enabled for on the firewall for a Vendor router to use one of the…

Hello! We are planing micro segmentation of our server farm and thus will need a bunch of vlans in the range of 200-300, but there seems to be a limit on how many vlans can be added to a physical interface according to this kb: https://support.sophos…