I have a question regarding running Sophos UTM 9 (version 9.509) in bridge mode with VLANs.
My current network setup:
VLAN 1: 192.168.1.1/24
VLAN 122: 192.168.122.1/24
VLAN 123: 192.168.123.1/24
VLAN 124: 192.168.124.1/24
VLAN 125: 192.168.125.1/24
VLAN 126: 192.168.126.1/24
Sophos UTM sits in VLAN 1, the network equipment sits in VLAN 122, and all of the LAN devices are in VLAN 123. VLANs 124-126 are used for wireless devices, game consoles, etc.
Furthermore, Sophos is being used as an intrusion prevention device and web filter.
After the initial bridge setup, setting up the any-any-any firewall rule, putting the web filter in Full Transparent Mode and connecting it between the router and core switch, I noticed traffic on the VLANs was flowing, but the web filtering wasn't blocking any traffic. After some reading on the community page it turned out that if you want to use VLANs in bridge mode you need to set up VLAN adapters on the bridged interface and add those VLAN adapters to the web filter. After adding those interfaces, the web filter started blocking traffic. After doing some tests, it turned out I needed to do the same with the IPS. So far so good.
However, if I look at the network connectivity coming out of the Sophos box, something strange happens. The Sophos box is connected between the router and the core switch; the switch port on the core switch is set up for VLAN 1, with the rest of the VLANs as a trunk. You would expect to see the IP address of Sophos itself connected to the switch port, but as it seems, the connected IP address switches all the time. Sometimes it shows the IP address of the management VLAN interface, sometimes the IP address of a network device. Is this behaviour expected as I'm using VLANs, or did I misconfigure something?
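Added example (editor's illustration, not code from the original post or from Sophos): a small simulation of a transparent L2 bridge placed between a router and a learning core switch, carrying 802.1Q-tagged frames. It models the two points the post touches on. First, a bridge forwards frames byte-for-byte with their original source MAC, so the core switch port facing the bridge learns the MACs of every device on the far side of the bridge plus the bridge's own management interface, which is why a switch shows several addresses on that port rather than one. Second, only VLANs the bridge has a "VLAN adapter" for are handed to inspection. All MAC addresses, VLAN IDs, port names and payloads are constructed for the demo; treating untagged frames as VLAN 1 is an assumption.

```python
"""Transparent bridge between a router and a learning switch, 802.1Q-aware.
All MACs (RFC 7042 documentation range), VLANs and payloads are constructed."""
import struct
from collections import defaultdict

ETHERTYPE_VLAN = 0x8100
ETHERTYPE_IPV4 = 0x0800
NATIVE_VLAN = 1  # assumption: untagged frames on the trunk belong to VLAN 1


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst, src, vlan, payload, ethertype=ETHERTYPE_IPV4):
    """Assemble an Ethernet frame; vlan=None gives an untagged (native) frame."""
    hdr = mac_bytes(dst) + mac_bytes(src)
    if vlan is None:
        return hdr + struct.pack("!H", ethertype) + payload
    # 802.1Q tag: TPID 0x8100, then TCI with PCP/DEI zero and a 12-bit VID
    return hdr + struct.pack("!HHH", ETHERTYPE_VLAN, vlan & 0x0FFF, ethertype) + payload


def parse_frame(frame):
    dst, src = mac_str(frame[0:6]), mac_str(frame[6:12])
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid == ETHERTYPE_VLAN:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        return {"dst": dst, "src": src, "vlan": tci & 0x0FFF, "ethertype": ethertype, "payload": frame[18:]}
    return {"dst": dst, "src": src, "vlan": NATIVE_VLAN, "ethertype": tpid, "payload": frame[14:]}


class LearningSwitch:
    """Core switch: learns (vlan, src MAC) -> ingress port, forwards or floods."""

    def __init__(self, ports):
        self.links = {p: None for p in ports}  # port -> callback that receives a frame
        self.mac_table = {}                    # (vlan, mac) -> port

    def attach(self, port, callback):
        self.links[port] = callback

    def receive(self, port, frame):
        f = parse_frame(frame)
        self.mac_table[(f["vlan"], f["src"])] = port
        known = self.mac_table.get((f["vlan"], f["dst"]))
        targets = [known] if known is not None and known != port else [p for p in self.links if p != port]
        for p in targets:
            if self.links[p] is not None:
                self.links[p](frame)

    def macs_on_port(self, port):
        return sorted(mac for (vlan, mac), p in self.mac_table.items() if p == port)


class TransparentBridge:
    """Bridge-mode firewall: two sides, frames forwarded unchanged. Only VLANs
    with a 'VLAN adapter' on the bridge are handed to inspection."""

    def __init__(self, mgmt_mac, inspected_vlans):
        self.mgmt_mac = mgmt_mac
        self.inspected_vlans = set(inspected_vlans)
        self.links = {"router": None, "switch": None}
        self.inspected = defaultdict(int)
        self.uninspected = defaultdict(int)

    def attach(self, side, callback):
        self.links[side] = callback

    def receive(self, side, frame):
        vlan = parse_frame(frame)["vlan"]
        counter = self.inspected if vlan in self.inspected_vlans else self.uninspected
        counter[vlan] += 1
        other = "router" if side == "switch" else "switch"
        self.links[other](frame)  # byte-identical forward: source MAC untouched

    def send_mgmt(self, dst, vlan, payload):
        """The bridge's own management interface sources frames from its own MAC."""
        self.links["switch"](build_frame(dst, self.mgmt_mac, vlan, payload))


def simulate():
    router_mac, bridge_mac = "00:00:5e:00:53:01", "00:00:5e:00:53:ff"
    host_a, host_c, mgmt_host = "00:00:5e:00:53:a1", "00:00:5e:00:53:c1", "00:00:5e:00:53:11"
    router_rx, host_a_rx = [], []

    core = LearningSwitch(ports=["gi1", "gi2", "gi3", "gi4"])        # gi1 faces the bridge
    bridge = TransparentBridge(bridge_mac, inspected_vlans=[1, 123])  # no adapter for VLAN 124
    bridge.attach("switch", lambda fr: core.receive("gi1", fr))
    bridge.attach("router", router_rx.append)
    core.attach("gi1", lambda fr: bridge.receive("switch", fr))
    core.attach("gi2", host_a_rx.append)

    sent = build_frame(router_mac, host_a, 123, b"host A -> router")
    core.receive("gi2", sent)                                                        # VLAN 123: inspected
    bridge.receive("router", build_frame(host_a, router_mac, 123, b"router -> host A"))
    core.receive("gi3", build_frame(router_mac, host_c, 124, b"host C -> router"))  # VLAN 124: bypasses inspection
    bridge.send_mgmt(mgmt_host, None, b"mgmt -> VLAN 1 host")                        # untagged = native VLAN 1

    return {
        "gi1_macs": core.macs_on_port("gi1"),            # router MAC and bridge mgmt MAC, not one address
        "router_saw_original_bytes": router_rx[0] == sent,
        "inspected": dict(bridge.inspected),
        "uninspected": dict(bridge.uninspected),
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(key, value)
```

Running `simulate()` shows the core switch's bridge-facing port holding two learned MACs (the router's and the bridge's management MAC) while the host frame arrives at the router byte-identical to what was sent; the VLAN 124 frame crosses the bridge uninspected because no adapter exists for it. A real switch that maps learned MACs to IP addresses through ARP or DHCP snooping will therefore display whichever far-side address it last saw on that port, which is the rotating-address effect the post describes.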