Sophos sg105 UTM 9 - VLAN setup

Think of the vlan as a separate  layer 2 network segment, coexisting with other segments on the same cable.  As such you would have to define/allow services you want it to have, same as for an interface.

Appears the sg105 has 4 ports on the back. You would define one of the unused ports for your tenant. You don't necessarily have to use vlan. Vlans are used when you want to segregate an in use interface. Doing so eliminates the complication of having to use a managed switch for traffic on that interface.

You then define services (nat, firewall, etc) you want them to have access to.  Unless you explicitly define firewall rules between interfaces (or vlans), traffic from one cannot cross to another. Of course, the new interface would be on an unused subnet as well.

Think of the vlan as a separate  layer 2 network segment, coexisting with other segments on the same cable.  As such you would have to define/allow services you want it to have, same as for an interface.

Appears the sg105 has 4 ports on the back. You would define one of the unused ports for your tenant. You don't necessarily have to use vlan. Vlans are used when you want to segregate an in use interface. Doing so eliminates the complication of having to use a managed switch for traffic on that interface.

You then define services (nat, firewall, etc) you want them to have access to.  Unless you explicitly define firewall rules between interfaces (or vlans), traffic from one cannot cross to another. Of course, the new interface would be on an unused subnet as well.

Okay thanks,

Maybe I can use DMZ?

I don't know why they labels them as such. I suppose to make it easier, but also adds to confusion. I believe all the interfaces are identical, so you should be able to assign any unused one. Obviously it won't be used for "dmz" purposes. 

Make sure to test if you can access any of your existing network from the interface after setting it up. There may be unforeseen rules already in place that may allow traffic.