Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 28 subscribers
  • Views 3504 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Management Interface

MakoRantz

Hi,

 

To date I have always used a management interface to deal with traffic for admin. Most firewall and network devices provide this luxury but we are finding it difficult to get this setup in the Sophos XG as the return traffic is going out over the main LAN interface to our internal network ??

Does Sophos provide the capability for Management interface traffic ?

 

Many thanks

Ed



This thread was automatically locked due to age.
Parents
  • 0

    I cannot quite follow up with your query. You could configure Webadmin only for one Port and use this port only for Management. But you would still have to connect to this port. Layer 3 Switch etc. 

  • 0 in reply to LuCar Toni

    LuCar.

     

    I am having the same concern as Ed. The management interface should be in its own VRF so management traffic is not going across the same interfaces as the rest of the network traffic. Otherwise, there is no need for a physical management interface. 

    It is important to have the separation between the Data Plane and the Management Plane, so you can have true Out of Band management, (i.e. I need to disconnect a LAN interface, but I want to still be able to get to the box from a network not directly connected to the FW)

    If I am missing something, please let me know. 

     

    Ken

Reply
  • 0 in reply to LuCar Toni

    LuCar.

     

    I am having the same concern as Ed. The management interface should be in its own VRF so management traffic is not going across the same interfaces as the rest of the network traffic. Otherwise, there is no need for a physical management interface. 

    It is important to have the separation between the Data Plane and the Management Plane, so you can have true Out of Band management, (i.e. I need to disconnect a LAN interface, but I want to still be able to get to the box from a network not directly connected to the FW)

    If I am missing something, please let me know. 

     

    Ken

Children
No Data