
Migrating from Netgear to Sophos

I am moving from a Netgear FVS218N to an XG85:

Currently I have my network cable plugged into the LAN interface on XG85 on port 1 (LAN).
If I try to add a VLAN:
- It only allows me to add a VLAN on Physical Interface: Port2 and it doesn't allow me to choose VLAN ID 1. It also doesn't allow me to choose a gateway for it.

 

Having some issues getting familiar with the way Sophos does their thing... So here's what I am trying to accomplish.

Routing:
I have a raspberry pi running as my VPN server (10.0.0.20). I have Static Routing:
- Destination IP: 10.0.9.0/255.255.255.0
- On LAN interface
- Gateway IP: 10.0.0.20

Inbound Services:
- OpenVPN, Allow Always
- Start: 10.0.0.20
- Translate to port 1194

I have LAN/WAN Rules:
- Anything in my cameras group I block WAN access

VLANs:
- Default VLAN 1
  - Subnet 10.0.0.1/255.255.255.0
  - Primary DNS 10.0.0.5
- Guest VLAN 22
  - Subnet 10.0.22.1/255.255.255.0
  - Primary DNS 10.0.22.5 (raspberry pi running pihole)
- Guest2 VLAN 33
  - Subnet 10.0.33.1/255.255.255.0
  - Primary DNS 10.0.33.5 (raspberry pi running pihole)



  • Hi,

    The XG uses L3 for VLANs, so you need an IP address for your physical connection. You cannot use VLAN 1 on an XG as that is the administrative VLAN.

    You will probably need a DNAT business rule for your VPN terminations on the server.

    Ian

  • Maybe this will be better if I break it up...

     

    If I try to add a VLAN:
    - It only allows me to add a VLAN on Physical Interface: Port2 and it doesn't allow me to choose VLAN ID 1. It also doesn't allow me to choose a gateway for it.

    Shouldn't I be able to add a VLAN on something other than Port2?  Port2 doesn't even have anything connected to it?

     

    How would I set up a VLAN with ID 22 and then create a DNS entry for it specifically?

  • Hi,

    you cannot use VLAN ID 1 on an XG.

    You will need an IP address assigned to port 2 before you can create a VLAN.

    What do you mean create DNS entry for a VLAN ID?

    Ian

  • I'm not trying to add VLAN on port 2.  I have my LAN connection going to port 1.

     

    In any case, I'm just trying to set up a couple of VLANs.  My main network is 10.0.0.0/24 and I'd like the VLAN to be on the 10.0.22.0/24 subnet and have all things connected to the VLAN to use 10.0.22.4 as their DNS server.

    Does that make sense?  I'm bad at describing this, so ...

     
