
Sophos XG in Gateway or Bridge mode

Hi,

Just need to double-check something. I am attempting to set up the Sophos XG Home firewall at my house. My setup is going to be:

 

ISP Router --> Sophos PC --> Switch --> Wifi and wired devices

 

The PC has two interfaces - one onboard & one on a PCIe card.

The ISP router is the DHCP provider as well as the router & modem. It hands out 192.168.1.* IP addresses to all internal devices.

Do I set up the Sophos PC in bridge or gateway mode? I have tried bridge but it brought down the network. So not sure if the interfaces are logically 1 and 2 (i.e. 1 - onboard, 2 - PCIe).

 

Any help would be appreciated.



This thread was automatically locked due to age.
  • Many thanks for that.  Are there any default firewall rules I need to put in place for this?

  • So I would disable DHCP on the router and set it up on the XG?

  • Hi, let me start at the beginning. 

     

    You will have WAN and LAN zone interfaces. So basically one interface is defined as WAN, which uses the connection to the router. On the router there should be only one interface (XG). This interface will be set up as a DHCP client.

    The other interface is defined as LAN and runs its own DHCP server. This LAN interface works as a gateway for all clients. It provides DNS, DHCP etc.

    You should start with a simple LAN-to-WAN rule with MASQ enabled.

     

    Interfaces: (Please ignore the bridge (br0). You will have WAN with DHCP enabled, so an internal LAN IP, and you will set up another interface with a different IP as LAN.)

     

    DHCP:

     

    Firewall rule:

     

     

    This should work in the first setup. Afterwards you can play with all the security features in the firewall rule and see what happens.

    But this should work fine for every connection.
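
A planning check for the gateway layout described in the reply above, added here as an example and not part of the original thread. The 192.168.1.* range on the WAN side comes from the question (treated here as 192.168.1.0/24, an assumption); the 192.168.10.0/24 LAN subnet, the DHCP pool and the function name `check_gateway_plan` are illustrative assumptions.

```python
import ipaddress


def check_gateway_plan(wan_net, lan_ip, lan_prefix, pool_start, pool_end):
    """Return a list of problems with a gateway-mode addressing plan (empty = OK)."""
    problems = []
    wan = ipaddress.ip_network(wan_net, strict=True)
    lan_if = ipaddress.ip_interface(f"{lan_ip}/{lan_prefix}")
    lan = lan_if.network
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)

    # The firewall routes (and masquerades) between WAN and LAN, so the
    # two sides must be different subnets or it cannot tell them apart.
    if wan.overlaps(lan):
        problems.append("LAN subnet overlaps the ISP router subnet on WAN")
    if lan_if.ip in (lan.network_address, lan.broadcast_address):
        problems.append("LAN interface uses the network or broadcast address")
    # The LAN-side DHCP server must lease addresses inside the LAN subnet
    # and must never lease the gateway's own address.
    if start not in lan or end not in lan:
        problems.append("DHCP pool is outside the LAN subnet")
    if start > end:
        problems.append("DHCP pool start is after its end")
    elif start <= lan_if.ip <= end:
        problems.append("DHCP pool contains the LAN gateway address")
    return problems


# Constructed sample plans (not taken from the thread's screenshots).
GOOD_PLAN = ("192.168.1.0/24", "192.168.10.1", 24,
             "192.168.10.100", "192.168.10.200")
# LAN reuses the ISP router's range and the pool includes the gateway.
BAD_PLAN = ("192.168.1.0/24", "192.168.1.254", 24,
            "192.168.1.100", "192.168.1.254")

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        issues = check_gateway_plan(*plan)
        print(name, "->", issues if issues else "OK")
```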