
Sophos UTM Bridge mode with VLANs

I have a question regarding running Sophos UTM 9 (version 9.509) in bridge mode with VLANs.


My current network setup:


VLAN 1: 192.168.1.1/24
VLAN 122: 192.168.122.1/24
VLAN 123: 192.168.123.1/24
VLAN 124: 192.168.124.1/24
VLAN 125: 192.168.125.1/24
VLAN 126: 192.168.126.1/24


Sophos UTM sits in VLAN 1, the network equipment sits in VLAN 122, and all of the LAN devices are in VLAN 123. VLANs 124-126 are used for wireless devices, game consoles etc.


Furthermore, Sophos is being used as an Intrusion Prevention device and web filter.


After the initial bridge setup, setting up the any-any-any firewall rule, putting the web filter in Full Transparent Mode and connecting it between the router and core switch, I noticed traffic on the VLANs was flowing, but the web filtering wasn't blocking any traffic. After some reading on the community page it turned out that if you want to use VLANs in bridge mode you need to set up VLAN adapters on the bridged interface and add those VLAN adapters to the web filter. After adding those interfaces, the web filter started blocking traffic. After doing some tests, it turned out I needed to do the same with the IPS. So far so good.


However, if I look at the network connectivity coming out of the Sophos box, something strange happens. The Sophos box is connected between the router and the core switch; the switch port on the core switch is set up for VLAN 1, with the rest of the VLANs as a trunk. You would expect to see the IP number of Sophos itself being connected to the switch port, but as it seems, the connected IP number switches all the time. Sometimes it shows the IP number of the management VLAN interface, sometimes the IP number of a network device. Is this behaviour expected as I'm using VLANs, or did I misconfigure something?



All,

This turns out to be a limitation of a feature related to the UTM. In UTM9, you must create a VLAN interface on top of the bridge for every VLAN you want to manage. So if you have five VLANs, you need five VLAN interfaces on the bridge. This results in the IP address seen as connected to the core switch changing between the IP numbers of the created VLAN adapters and a random IP sitting behind the adapter.

Thanks,

Sachin Gurung
Team Lead | Sophos Technical Support
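To make the two points of this thread concrete (every VLAN needs its own VLAN interface on the bridge before the web filter and IPS will act on it, and a transparent bridge lets the core switch learn every address passing through it on one port), here is a small Python model. It is an added example, not Sophos code or a reproduction of the UTM's behaviour; the MAC addresses, IPs and the one-port switch learning logic are constructed and simplified.

```python
"""Model of UTM9 bridge mode with VLANs, as discussed in the thread.

Added example, not Sophos code. MACs, IPs and the switch model are
constructed and simplified (one learned MAC -> last (VLAN, IP) seen for it).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    """One 802.1Q-tagged frame leaving the UTM towards the core switch."""
    vlan: int
    src_mac: str
    src_ip: str


# The VLANs from the question.
ALL_VLANS = [1, 122, 123, 124, 125, 126]


def missing_bridge_vlan_interfaces(all_vlans, configured):
    """VLANs that still need a VLAN interface created on top of the bridge.

    Per the support reply, UTM9 only lets the web filter and IPS act on a
    VLAN once such an interface exists and has been added to their
    interface lists, so this is the list to work through after bridging.
    """
    return sorted(set(all_vlans) - set(configured))


def forward_through_bridge(frames):
    """A transparent bridge forwards frames unchanged: same VLAN tag, same
    source MAC, same source IP. Nothing is rewritten to the UTM's own
    address, so every host behind the UTM is visible on the uplink."""
    return list(frames)


def switch_port_view(frames):
    """Simplified learning on a single core-switch port.

    Returns (mac_table, label_history): the (vlan, ip) the switch learned
    for each source MAC on the port, and the 'connected device IP' label a
    management GUI would show after each frame if it simply displays the
    most recently learned address on the port.
    """
    mac_table = {}
    label_history = []
    for f in frames:
        mac_table[f.src_mac] = (f.vlan, f.src_ip)
        label_history.append(f.src_ip)
    return mac_table, label_history


# Constructed traffic: the UTM's own VLAN-interface addresses plus hosts
# behind the bridge, all exiting on the one port facing the core switch.
SAMPLE_FRAMES = [
    Frame(1,   "02:aa:00:00:00:01", "192.168.1.2"),     # UTM management IP, VLAN 1
    Frame(123, "02:bb:00:00:01:23", "192.168.123.50"),  # a LAN PC behind the bridge
    Frame(122, "02:aa:00:00:01:22", "192.168.122.2"),   # UTM VLAN 122 interface
    Frame(125, "02:cc:00:00:01:25", "192.168.125.77"),  # a game console
    Frame(1,   "02:aa:00:00:00:01", "192.168.1.2"),     # management IP again
]


if __name__ == "__main__":
    # Only VLANs 1, 122 and 123 have bridge VLAN interfaces so far.
    print("still need VLAN interfaces:",
          missing_bridge_vlan_interfaces(ALL_VLANS, [1, 122, 123]))
    table, labels = switch_port_view(forward_through_bridge(SAMPLE_FRAMES))
    for mac, (vlan, ip) in table.items():
        print(f"port learned {mac} on VLAN {vlan} with IP {ip}")
    print("'connected IP' label over time:", labels)
```

The label history is the behaviour the question describes: the switch port is not "connected to" one device, it is connected to a bridge, so its learned table fills with the UTM's VLAN-interface addresses and with end hosts on every trunked VLAN, and whichever was learned last is what the GUI shows.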
