This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VLAN / DHCP

I have 3 VLANS, along with DHCP set up for each one.

My Sophos is 10.0.0.1, and I'd like VLAN11 to be on the 10.0.0.x network, so I've configured it as so...

However, when I plug a new device into the network, it gets put on the 169.254.x.x network, instead of picking up the 10.0.0.x/VLAN11.

I know I am missing something super obvious but the Sophos interface is brand new to me after getting away from Netgear.

This thread was automatically locked due to age.

Parents

0 rfcat_vk over 5 years ago

Hi,

very simple, the VLANs are on your external interface and need to be on your internal interface and managed through a managed switch.

I do not understand your configuration as to why you are using a bridge connection?

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 Joe Schmoe over 5 years ago in reply to rfcat_vk

rfcat_vk said:

Hi,

very simple, the VLANs are on your external interface and need to be on your internal interface and managed through a managed switch.

Yeah, that makes sense. For some reason when I go to add a VLAN, that's the only interface that it allows me to put them on. Any idea why that would be?

rfcat_vk said:

I do not understand your configuration as to why you are using a bridge connection?

I didn't choose it... that must have been the default. If there is a way to change that, I will.
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 5 years ago in reply to Joe Schmoe

HI,

with the current version of XG, VLANs on bridge are not supported, from memory that will be added shortly.

The bridge was setup during initial installation you had a choice of bridge or routing. You can delete that bridge by removing (deleting) the various interface out of it.

You will need to delete your DHCP server because you will be creating VLANs on a different network with the same IP addresses you are now using?

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 Joe Schmoe over 5 years ago in reply to rfcat_vk

I just factory reset... there were two options, the Bridge one which I didn't select...

This is what I see after I first login:

If I try to add VLAN, it only allows it on Port2/WAN. Am I missing something obvious to be able to set VLANs on port1?
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 5 years ago in reply to Joe Schmoe

The Wizard will actually bridge the Interfaces. There is a option to not Bridge the Interface anyways. There are some text about it in the Wizard.

You need V18 to build VLANs on a Bridge.

https://community.sophos.com/products/xg-firewall/b/blog/posts/xg-firewall-v18-ga_2d00_build354-is-now-available

If you have MR11, please wait some days.
Cancel
Vote Up 0 Vote Down

Cancel
0 Joe Schmoe over 5 years ago in reply to LuCar Toni

Alright so if I remove the bridge, what do I need to do to get ports 1,3,4 to get access to WAN?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Joe Schmoe over 5 years ago in reply to LuCar Toni

Alright so if I remove the bridge, what do I need to do to get ports 1,3,4 to get access to WAN?
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 rfcat_vk over 5 years ago in reply to Joe Schmoe

Hi Joe,

you need to add IP addresses to the interfaces, then create firewall rules to allow the traffic out.

You can start with simple rules source LAN -> IP address range of interface - > destination WAN -> ANY -> allow -> log will get you ginghams. Further down the track you can modify each rule to use the web proxy to DPI engine, you can refine which ports you allow out, you can decide to scan mail but you will need to install the XG CA on each device the same if you choose to use decrypt and scan in the web proxy.

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 5 years ago in reply to rfcat_vk

Hi,

I forgot to add you will also need a NAT rule, at this stage a generic rule would be best.

Ian
Cancel
Vote Up 0 Vote Down

Cancel