
Ethernet bridge big problem on Internal network

Hi everybody,


I installed an ASG 210 REV2 2 weeks ago for a customer and am trying to finalise it today with some AP55s on it. I want to use my 5 Ethernet ports instead of the customer's 100Mbps switch (from another provider) and 1 fiber port. When I changed my configuration from Ethernet to Ethernet Bridge for eth0 with the same IP, I lost my connection with the UTM completely (WebAdmin, ping, SSH). I have had to factory reset my UTM many times to recover my access and reconfigure it.... No data through the bridge.


I don't understand where my problem is coming from....


I'm on 9.509.


Thanks for ideas



  • I am sorry but can you give us some more detail.

    What is the other port of the bridge? You access from internal network? Maybe a little diagram of this part of network topology. So show what's connected on the relevant ports.

    Then maybe you'll get more hints.

    -

  • I have recently implemented a bridge, and it is working well, so there is hope.

    The documentation says that a bridge can only be formed from unused NICs, so you need at least 3 spares -- 2 for the new bridge, and one for managing the device during the transition. It sounds like you tried a shortcut using CC, but apparently it did not work out.

    For my process it helped to have two laptops, one for configuration and one for testing.

    Assume:

    • 192.168.1.10 on A1, with default gateway to 192.168.1.1
    • A2 configured with 10.10.10.10 for temporary administration. Connect with a crossover cable and perform the process from laptop #1
    • Assume we are moving from out-of-band configuration to in-line with another firewall.

    Process:

    • Combine unused A3 and A4 to create BR1.
    • Remove 192.168.1.10 from A1, apply it to BR1.
    • Move the cable from A1 to A3 to make it active. 
    • Connect A4 as desired to connect the firewall and complete the bridge.
    • Configure default gateway to route toward the firewall and the internet
    • Configure static route to send internal traffic 192.168.0.0/16 toward 192.168.1.1
    • Configure other static routes as needed.
    • Move any additional interface addresses from A1 to BR1.
    • If any network objects were locked on A1, remove the lock or move them to BR1. Searching the Network object list for A1 works well to ensure completeness of this step.
    • Use laptop#2 for testing, first as an internal client doing outbound traffic, then as an external client doing inbound traffic such as WAF or VPN

    Notes

    • If A4 connects directly to a firewall, you may need a crossover cable. You can also use ethtool from ssh to force MDIX mode. My appliance did not perform automatic MDI/MDIX switching, nor did my firewall, so I had to set it explicitly.

    Hope this helps.

  • Hi,

    I guess that you need a firewall rule like 'Internal (Network) -> Any -> Internal (Network) : Allow'.  Any better luck with that?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Good point, Bob. I forgot that in my first (failed) attempt, remembered it on the second try, then forgot it in my posting here. Because I am using my bridge to connect to an existing perimeter firewall, my firewall rule was any-to-any, for service any. This was safe because the other firewall is implementing the primary traffic filtering rules.