How to configure multiple interfaces as LAN ethernet bridge (switch)

Hi, I'm new here. An IT sales person, with only interest instead of knowledge :)

I have installed Sophos Home on an SG135 OEM appliance. I have defined the WAN/LAN interfaces on eth0 and eth1. Because the SG135 has multiple ports, I want to use the other interfaces as an Ethernet switch.

The first searches on this forum pointed me to link aggregation under the interface settings.

With this I did the following:
1. Created a Link Aggregation Group.
2. Changed the LAN interface (eth0) from Ethernet to Ethernet bridge and set the selected NICs to both the Ethernet interface and the LAG.

After that, I have internet access on all of the selected interfaces within the LAG, just no access to other LAN devices. For this I created a firewall rule Internal LAN > Any > Internal LAN, also without any good result.

Does anyone have a link to a topic, or a short explanation of how I can achieve this?

Thank you very much for your help in advance!

  • Hoi and welcome to the UTM Community!

    I'm a visual-tactile learner, so it would help to "see" what you have. Please insert pictures of the Edits of the LAG and the firewall rule. Also a picture of the 'Interfaces' tab.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob, thanks for your reply.

    Please see the screenshots at the URLs below:

    https://ibb.co/MhBW3Mk
    https://ibb.co/Rj3BnL6
    https://ibb.co/2v3wHYF
    https://ibb.co/VDXz5Pv

    Do you need more information?

  • Please Edit your post, and insert your images into the post. We can't know if that external site is properly protected. The only malware I've gotten in over 10+ years was from an external link to a picture in this forum over 5 years ago.  Thanks in advance!

    Cheers - Bob

  • UTM is not designed to be a network switch. If you read the fine print, Bridge interfaces only pass specific Ethertypes. IPv4 is enabled by default; any others have to be itemized individually. You can do a web search for IANA Ethertypes. It is a long list, and you may struggle to know which ones you need. A real network switch will pass all Ethertypes by default.

    This is not a defect as much as a design decision. I used a UTM bridge configuration to slip my device between my internal network and my existing Internet firewall. The firewall mostly ignores traffic other than IPv4, so the default bridge configuration worked pretty well. I threw in a few other Ethertypes just to be sure, but the list was short.

    A network switch has other features like fast-pathing that help performance. UTM already tries to do a lot of things, possibly too many. Trying to be a network switch would only stretch the design and development effort in a direction that would further hinder the effort to be great at all the other features.
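As an added illustration of the Ethertype allow-list behaviour described in the reply above (example code, not Sophos UTM's implementation), the following toy bridge model extracts each frame's Ethertype, including behind an 802.1Q VLAN tag, and reports which constructed sample frames an "IPv4 only" policy would forward and which it would drop:

```python
# Added example: toy model of a bridge that forwards only itemised Ethertypes.
# Not Sophos UTM code; the "IPv4 only" default policy is taken from the reply above.
import struct

ETHERTYPE_NAMES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6", 0x8100: "802.1Q"}


def ethertype_of(frame: bytes) -> int:
    """Return the payload Ethertype of an Ethernet frame.

    Skips one 802.1Q VLAN tag if present. Values below 0x0600 are IEEE 802.3
    length fields rather than Ethertypes; they are returned unchanged so the
    caller treats them as 'not in the allow list'.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    etype = struct.unpack("!H", frame[12:14])[0]
    if etype == 0x8100:  # VLAN-tagged: 2-byte TCI, then the real Ethertype
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q header")
        etype = struct.unpack("!H", frame[16:18])[0]
    return etype


def bridge_forwards(frame: bytes, allowed: set) -> bool:
    """True if an allow-list bridge would pass this frame."""
    return ethertype_of(frame) in allowed


def build_frame(etype: int, payload: bytes = b"", vlan=None) -> bytes:
    """Build a constructed sample frame (broadcast dst, locally administered src)."""
    hdr = b"\xff" * 6 + bytes.fromhex("0200deadbeef")
    if vlan is not None:
        hdr += struct.pack("!HH", 0x8100, vlan & 0x0FFF)
    return hdr + struct.pack("!H", etype) + payload


def audit(frames, allowed: set):
    """Return (forwarded, dropped) lists of Ethertype names for the given frames."""
    forwarded, dropped = [], []
    for frame in frames:
        etype = ethertype_of(frame)
        name = ETHERTYPE_NAMES.get(etype, f"0x{etype:04x}")
        (forwarded if etype in allowed else dropped).append(name)
    return forwarded, dropped


if __name__ == "__main__":
    samples = [build_frame(0x0800), build_frame(0x0806),
               build_frame(0x86DD), build_frame(0x0800, vlan=10)]
    print(audit(samples, {0x0800}))  # IPv4-only policy
```

Adding 0x0806 and 0x86DD to the allow list in the call to `audit` shows how itemising further Ethertypes changes the result.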