Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 29 subscribers
  • Views 1364 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Firewall 135 Networking / Routing question

vampielgod

Dear all experts, 

Not sure whether am i in the correct place to ask this question.

As below diagram, i have a layer 2 Switch (Switch A) connected to the XG 135 firewall. 

My boss has got another layer 2 Switch (Switch B), he intended to create a VLAN on switch B, which will be connected to all the cameras.  

So my question is:

1. On switch A, i should be only be configuring = trunking mode 1 of the port that will be connected to switch B right? 

2. The VLAN should be configure on Switch B but not Switch A? if Yes, should the gateway of switch B point to switch A or the FW? my guess will be FW, as switch A is only a L2 switch? 

3. If i will going to allow only certain PC's IP or Mac address  connecting to switch A to route to switch B network, to view the cameras, i guess it should be done on the firewall? 

Sorry for my basic question, as my network knowledge is quite limited. 

Thanks. 



This thread was automatically locked due to age.
  • 0

    Hi,

    a minor issue, the XG only does l3 vlans.

    ian

  • 0

    You must define, whether you go with a bridge on XG, which means, you can forward the VLAN to other ports, or you go with layer 3 routing and define the VLAN on Port 1 and another VLAN on Port 2. 

    XG can only reuse the same vlan(Subnet) if using a bridge. 

  • 0 in reply to LuCar Toni

    Hi,

    The switch doesn't have any routing capabilities, is a Layer 2 switch, so the only method i only is using XG 135 to create the bridge. 

    will it have any complication to existing network if we are going to do this? 

    Before going into the routing issue, any advise on the below 2 question?

    1. On switch A, i should be only be configuring = trunking mode 1 of the port that will be connected to switch B right? 

    2. The VLAN should be configure on Switch B but not Switch A? if Yes, should the gateway of switch B point to itself or the FW? my guess will be FW, as switch A is only a L2 switch? 

    Thanks

  • 0 in reply to vampielgod

    You need to think about the reason to forward the VLAN. Bridge designs are the start of bad network designs in general, but are possible.

    Basically forwarding everything to another interface is possible but could be messy in the end and hard to fix. 

    Do you need the VLAN on the other Switch? Or is the routing of the subnet enough? 

  • 0 in reply to LuCar Toni

    Hi,

    the bridge seems quite complicated, I would prefer not to go this way. 

    yes, I would like to setup the VLAN in another switch.

    the routing of subnet you are referring to is the setup of static routes on the xg firewall? Does that mean that if we go for the routing of subnet we don’t even need to create the vlan on the other switch?

  • +1 in reply to vampielgod

    Hello, you shoul really review your network design: that ip range (172.0.0.0) is used in public, I think you don't want that.
    Have a look here:https://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks

    I would recommend to have two separate networks and let the Sophos do the routing between those two.

  • 0 in reply to jprusch

    Hi, 

    So Sophos XG Firewall will be a layer 3 routing for this 2 subnets? 

    How do i go about in configuring the XG Firewall, from the Zone. When i try to add a new zone, there wasn't any members port that i can tag with. 

    Or do i create a new VLAN from the interface? i tried to do that, under physical interface, there is only a PORT2 for me to choose. 

    Please advise.