Bridge Mode not working

I can't get Sophos XG to work in bridge mode - spent hours now trying various things and following posts on here...but nothing. Anyone got any idea what I'm missing or doing wrong please?

SFOS 17.5.12 MR-12

ESXi 6.7 U3, 4 physical NICs

VM deployed using OVF (tried: 'sf_virtual.ovf', 'sf_virtual_vm8_paravirtual.ovf') plus creating from scratch and importing disks.

UniFi USG <-> WAN vSwitch <-> Sophos XG <-> LAN vSwitch <-> Physical Switch

Both vSwitches have Promiscuous mode enabled.

Tried various VM configurations: E1000 & VMXNET3 network adapters, SCSI, Paravirtual...doesn't seem to make any difference.

During setup Sophos gets a DHCP address from the UniFi USG (I've tried DHCP but typically assign static address 192.168.1.2) but once the setup wizard completes and the device restarts I can access Sophos XG from the LAN on the assigned IP, but it cannot access the internet and no other traffic gets through either.

USG (Gateway) is 192.168.1.1

Added Firewall rules for all traffic from LAN to WAN and vice versa, and also a single ANY -> ANY rule.

Disabled DHCP on the guest network.

 

Appreciate you reading this :-)



This thread was automatically locked due to age.
  • Hi,

    Why do you have a WAN to LAN without any filtering?

    Have you enabled NAT on any firewall rule?

    In logviewer, which rule is dropping the traffic?

    Ian

     
    V18.0.x - e3-1225v5 6gb ram on 4 port MB with 2 x APX120 - 20w. 
    If a post solves your question use the 'This helped me' link.
  • You probably need to accept Promiscuous mode and Forged transmits, in vSwitch's port group configuration.

  • core_memory said:

    You probably need to accept Promiscuous mode and Forged transmits, in vSwitch's port group configuration.

     

    This was it! I did not have Forged transmits on; once enabled traffic started flowing through the XG. Thanks heaps!

    Can't believe after so many hours on this that it was so simple...this should be mentioned in the support doco! (Or at least I couldn't find it in anything I found on here or elsewhere)
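
A way to check for the setting that turned out to be the cause, as an added example that is not part of the original thread: it reads the security policy of only the port groups the XG bridges, so Promiscuous mode and Forged transmits can stay rejected on every other port group of the host. It assumes standard vSwitches and the `esxcli` port-group security policy command; the port-group names and the sample output are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Flags the port-group security settings
# that stop a bridged firewall VM from forwarding frames for other hosts.

# Parse "policy security get" output on stdin and print each of the two
# settings a bridge needs that is not set to true.
bridge_blockers() {
    awk -F': *' '
        /^ *Allow (Promiscuous|Forged Transmits):/ {
            name = $1; sub(/^ +/, "", name)
            value = tolower($2); gsub(/[ \t\r]/, "", value)
            if (value != "true") print name
        }'
}

# Constructed sample: the state described in the original post, with
# Promiscuous mode accepted and Forged transmits still rejected.
sample_policy() {
    cat <<'EOF'
   Allow Promiscuous: true
   Allow MAC Address Change: false
   Allow Forged Transmits: false
   Override vSwitch Allow Promiscuous: true
   Override vSwitch Allow MAC Address Change: false
   Override vSwitch Allow Forged Transmits: false
EOF
}

# On an ESXi host, pass the port groups the XG bridges as arguments
# (hypothetical names), e.g.:  sh check.sh "WAN-Bridge" "LAN-Bridge"
if command -v esxcli >/dev/null 2>&1; then
    for pg in "$@"; do
        blockers=$(esxcli network vswitch standard portgroup policy security get -p "$pg" | bridge_blockers)
        if [ -n "$blockers" ]; then
            printf '%s: not accepted:\n%s\n' "$pg" "$blockers"
        else
            printf '%s: OK for bridging\n' "$pg"
        fi
    done
fi
```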