
Migrating from Netgear to Sophos

I am moving from a Netgear FVS218N to an XG85:

Currently I have my network cable plugged into the LAN interface on XG85 on port 1 (LAN)
If I try to add a VLAN:
- It only allows me to add a VLAN on Physical Interface: Port2 and it doesn't allow me to choose VLAN ID 1. It also doesn't allow me to choose a gateway for it.

 

Having some issues getting familiar with the way Sophos does their thing... So here's what I am trying to accomplish.

Routing:
I have a raspberry pi running as my VPN server (10.0.0.20). I have Static Routing:
- Destination IP: 10.0.9.0/255.255.255.0
- On LAN interface
- Gateway IP: 10.0.0.20

Inbound Services:
- OpenVPN, Allow Always
- Start: 10.0.0.20
- Translate to port 1194

I have LAN/WAN Rules:
- Anything in my cameras group I block WAN access

VLANs:
- Default VLAN 1
  - Subnet 10.0.0.1/255.255.255.0
  - Primary DNS 10.0.0.5
- Guest VLAN 22
  - Subnet 10.0.22.1/255.255.255.0
  - Primary DNS 10.0.22.5 (raspberry pi running pihole)
- Guest2 VLAN 33
  - Subnet 10.0.33.1/255.255.255.0
  - Primary DNS 10.0.33.5 (raspberry pi running pihole)



This thread was automatically locked due to age.
  • Hi,

    the XG uses L3 for VLANs, so you need an IP address for your physical connection. You cannot use VLAN 1 on an XG as that is the administrative VLAN.

    You will probably need a DNAT business rule for your VPN terminations on the server.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Maybe this will be better if I break it up...

     

    If I try to add a VLAN:
    - It only allows me to add a VLAN on Physical Interface: Port2 and it doesn't allow me to choose VLAN ID 1. It also doesn't allow me to choose a gateway for it.

    Shouldn't I be able to add a VLAN on something other than Port2?  Port2 doesn't even have anything connected to it?

     

    How would I set up a VLAN with ID 22 and then create a DNS entry for it specifically?

  • Hi,

    you cannot use VLAN ID 1 on an XG.

    You will need an IP address assigned to port 2 before you can create a VLAN.

    What do you mean create DNS entry for a VLAN ID?

    Ian


  • I'm not trying to add VLAN on port 2.  I have my LAN connection going to port 1.

     

    In any case, I'm just trying to set up a couple of VLANs.  My main network is 10.0.0.0/24 and I'd like the VLAN to be on the 10.0.22.0/24 subnet and have all things connected to the VLAN use 10.0.22.4 as their DNS server.

    Does that make sense?  I'm bad at describing this, so ...

     

  • Hi,

    you cannot at this stage set up VLANs on a bridge.

    Ian

    What benefit do you see from having the XG in bridge mode?


  • Well, there we go... I need to put it in gateway mode first. Yeah, so there's my first problem.

    Once I do that, I should be able to get a bit further.

    Do you know if it's possible to set up separate DNS servers for each VLAN?

  • Yes it is, you do that in the DHCP settings. You need to ensure that the XG DNS is being updated at the same time as your other DNS, otherwise you will have web surfing issues.

    Ian


  • I did a factory reset on the device and put it in gateway mode.  Question I have is... how do I verify that it is actually in gateway mode?

  • Actually there is no Gateway / Bridge mode etc.

    The interfaces are the important part about these modes.

    If you have a Layer 2 interface bridge, you are running in Bridge mode.

    If you have different interfaces and work with Layer 3 routing, you are in Gateway mode.
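
A pre-migration sanity check for the addressing plan discussed in this thread, as an added example that is not part of any post: it applies the constraint stated in the replies (VLAN ID 1 cannot be used on the XG) together with general subnet, DNS and next-hop checks. `PLAN` and `check_plan` are hypothetical names, and the sample values are constructed from the addresses quoted in the original post.

```python
import ipaddress

# Constructed plan using the addresses quoted in the original post.
PLAN = {
    "lan": "10.0.0.1/24",  # address on the physical LAN port
    "vlans": [
        {"id": 1, "gateway": "10.0.0.1/24", "dns": "10.0.0.5"},
        {"id": 22, "gateway": "10.0.22.1/24", "dns": "10.0.22.5"},
        {"id": 33, "gateway": "10.0.33.1/24", "dns": "10.0.33.5"},
    ],
    "routes": [{"dest": "10.0.9.0/24", "via": "10.0.0.20"}],
}


def check_plan(plan):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    connected = {"LAN port": ipaddress.ip_interface(plan["lan"]).network}
    for vlan in plan["vlans"]:
        name = f"VLAN {vlan['id']}"
        if vlan["id"] == 1:
            # Per the thread, ID 1 cannot be configured as a VLAN on the XG.
            findings.append(f"{name}: ID 1 is not available, keep it on the physical port")
            continue
        if not 2 <= vlan["id"] <= 4094:
            findings.append(f"{name}: ID outside the valid 802.1Q range 1-4094")
            continue
        net = ipaddress.ip_interface(vlan["gateway"]).network
        for other, other_net in connected.items():
            if net.overlaps(other_net):
                findings.append(f"{name}: subnet {net} overlaps {other} ({other_net})")
        if ipaddress.ip_address(vlan["dns"]) not in net:
            # Clients would need a firewall rule to reach DNS in another segment.
            findings.append(f"{name}: DNS {vlan['dns']} is outside {net}")
        connected[name] = net
    for route in plan["routes"]:
        dest = ipaddress.ip_network(route["dest"])
        via = ipaddress.ip_address(route["via"])
        if not any(via in net for net in connected.values()):
            findings.append(f"route {dest}: next hop {via} is not on a connected subnet")
        if any(dest.overlaps(net) for net in connected.values()):
            findings.append(f"route {dest}: destination overlaps a connected subnet")
    return findings


if __name__ == "__main__":
    for finding in check_plan(PLAN):
        print(finding)
```
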
