
XG Firewall Home - Bridge Mode

Good day.

I am new to networking and firewalls and I'm not sure if I set up the firewall correctly.

My home setup consists of an ADSL modem (bridge mode) > Mikrotik Router HAP AC2 > Pi-hole DNS > Switch.

The ADSL (only service available where I stay) modem does nothing besides bridge the connection to the router. The router handles the PPPoE and DHCP etc. DNS on the router is set to the Raspberry Pi, which runs Pi-hole to block ads and other services, and the Pi-hole forwards all DNS to OpenDNS for content filtering. Now I would like to implement the XG Firewall in my network. Now I'm not sure where to go from here. I have the firewall installed on Hyper-V with two gigabit network NICs. They are set in bridge mode and I can access the firewall. I removed Pi-hole from my network and set the DNS to the XG Firewall IP address and left DHCP to the Mikrotik router. I can browse the internet but it's a little laggy, and when I checked on the firewall under current activities it doesn't show any activity even though I'm using it. I am not sure if this is the right way to go.

Old setup: ADSL > Mikrotik > Pi-hole (DNS server) > switch

New setup: ADSL > Mikrotik > Firewall (DNS server) > switch

Your assistance would be highly appreciated.

Also, I have web filtering enabled but it doesn't seem to do anything.

Thanks

Zaahid Bayat



  • Hi Zaahid,

    my recommendation for your setup would be:

    modem in bridge mode - XG FW - Switch

    Is there any need to have the router connected (Wifi AP, etc.)? If not, leave the router and set DHCP on Sophos XG.

    If you still want to use Pi-Hole for blocking ads, put it in the same network as your devices and set DNS on them (either manually or via DHCP running on XG) to Pi-Hole.

  • Hi Njabi,

    Thanks for your feedback. I will try this out later today. I do need the router for WIFI, I will set it up as AP only.

    Thanks

  • Well in that case you might also put it behind the XG and set it up as AP only. If possible set the AP to bridge (IP leases for wifi clients from DHCP Sophos). Good luck!

  • If you connect the firewall instead of your current router, then be sure to install the firewall in gateway mode (so it acts as a router). If you want to keep the current router you can choose to install the XG in bridge mode.

    Because you mention bridge mode in the topic title I thought to mention this, because for a lot of people here bridge mode means that you would like to install the XG firewall in bridge mode.

    Just as Njabi recommends, in most (home) situations you will only want to have 1 gateway (routing) device, so install XG in gateway mode and then reconfigure your current router as an access point and place it on the inside of the firewall, plugged in to the switch.

  • Hi,

    and further to what the others have advised, you can use the XG to block ads.

    ian

  • Hi,

    Over the weekend I followed what Njabi told me and it's working well.

    If I had to use it in bridge mode how would I do that? Would I disable the DHCP Server on the Mikrotik and let XG Firewall handle it?

    Thanks

  • Hi,

    Would you be able to advise me on how to do this?

    Thanks.

    The router should have a WAN port where you plug in the cable connected to your switch to get an IP address from your XG's DHCP. In this scenario the router is able to act as an alternative DHCP only for Wifi-Clients, where the traffic is running through the WAN port of the router to your XG gateway.

    I would feel better if you let your Router/AP act as an IP client, connected not through its WAN port but through a LAN port. In this case you should disable the router's DHCP server, and clients connected via wifi will have a lease from XG's DHCP.

    Hence you might find the best way for your setup. Good luck!