Hi,
on an XG210 (v18), I have a trunk connection to a switch. there are two vlan sub interfaces defined on this XG.
I want to bridge these two sub-interfaces and implement transparent firewalling between them. the GUI let me create a bridge interface and add these vlan interfaces as members, but no traffic is passed through. an 'any to any' rule is defined for testing, but no packet passed through.
is there any suggestions on this problem?
more investigation results,
I keep trying to pass ping packets for testing through the bridge, when the received ping packets leaving the bridge the source IP is changed to the bridge interface IP (and if the interface configured without IP, a reserved 169.254.x.x IP is assigned as source IP)
the bridge should not touch this, why doesn't the packet leave with the original IP?
any suggestions?
LuCar Toni said:So you want to Bridge two different VLAN IDs together?
As the Subnet etc. should be different across VLANs, that isnt possible.
You can Bridge the same VLAN together, if you build a Bridge on both physical interfaces and place the VLAN interface on this VLAN. If you have two different VLANs and want to perform Layer 3 routing with scanning, you put both VLANs on either one physical interface or two physical interfaces (with a Bridge).
Hi Lucar,
I need a layer 2 bridge which pass traffic between the two vlan interfaces in bridge. this simple schematic may show it better:
consider the vlan 5 and 6 directly connected to ISPs (untrust) and vlans 7 and 8 the ISP connections after passing the transparent firewall.
This setup is to provide a layer of protection between two ISPs and our router (which runs bgp to two ISPs). So I need to setup the sophos xg 210 (two devices in active passive HA) as a transparent firewall.
Using physical ports I can implement it easily by bridging each isp connected port to my router connected port. But due to the full mesh connectivity of routers and firewalls and two ISP uplinks, the number of physical interfaces would not be enough.
thanks
Keyur said:Hi chacha
It is a bit confusing to the setup, it would be great if you could share more details on that. As per your requirement, you have configured the bridge interface for VLAN (as per the diagram and information shared)but the tcpdump screenshot suggests that it is a LAG interface configuration. It would be great if you could share a screenshot of Interface configuration.
Hi keyur,
you are right as I tried to simplify the diagram to what I thought is related. the full setup consists of a full mesh topology (2x XG210, two stacked switches and two routers). so the VLAN interfaces are defined on a LAG interface connected to both switches and configured as trunk.
Keyur said:Hi chacha
It is a bit confusing to the setup, it would be great if you could share more details on that. As per your requirement, you have configured the bridge interface for VLAN (as per the diagram and information shared)but the tcpdump screenshot suggests that it is a LAG interface configuration. It would be great if you could share a screenshot of Interface configuration.
Hi keyur,
you are right as I tried to simplify the diagram to what I thought is related. the full setup consists of a full mesh topology (2x XG210, two stacked switches and two routers). so the VLAN interfaces are defined on a LAG interface connected to both switches and configured as trunk.
