Bridged VLAN Support Question - XG V18

I apologize if this has been explained somewhere else and please feel free to direct me to the answer.

I have an XG appliance on which we want to bridge 2 interfaces and create them as a bridged trunk for VLANs.

So on the XG we have int 1 and int 2 that will each be connected to 2 different switches (not switch stacked). Each of these switches need to have the same VLANs associated to them.

I have created an IP'd bridge by adding interface 1 and interface 2 and assigning an interface IP to it. I then added VLAN 10 and VLAN 20 as sub-interfaces on said bridge.

The problem I have is that devices connected at the end on either VLAN 10 or VLAN 20 cannot communicate with anything.

I have read that I might have to create rules to allow the traffic to pass from the sub-interface VLAN 10 to any other zone.

Can someone give a more detailed explanation or example of this to help me fix my issue?

  • FormerMember

    Hi,

    Thank you for reaching out to Sophos Community.

    You'll need to configure a firewall rule with the required source and destination zone to communicate between VLAN 10 and VLAN 20.

    Refer to the below example for better understanding.

    =======================================================

    Bridge interface is configured with Port1 and Port3. Both interfaces are part of the LAN zone.

    Added 2 VLAN interfaces on a bridge.

    ID | Zone | IP
    VLAN 10 | LAN | 172.16.10.1/24
    VLAN 20 | LAN | 172.16.20.1/24

    For communication between VLAN 10 and VLAN 20, a firewall rule with source and destination zone LAN will be required.

    If VLAN 20 is in a different zone DMZ, then to communicate from VLAN 10 to VLAN 20 a firewall rule with source zone LAN and destination zone DMZ will be required.

    And from VLAN 20 to VLAN 10 a firewall rule with source zone DMZ and destination zone LAN will be required.

    =======================================================

    Please let us know if you have any queries. Regards.
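The zone logic in the reply above, worked through as an added model (not code from Sophos or from the reply): each VLAN sub-interface on the bridge maps to a zone, and a new connection is only passed when a rule lists both its source zone and destination zone. The addresses are the reply's; the `with_vlan20_in_zone` helper, the treatment of anything outside the two VLANs as WAN, and the simplification that rules match on zones alone are assumptions of this model.

```python
import copy
import ipaddress

# Constructed from the reply: two VLAN sub-interfaces on the Port1/Port3 bridge,
# both in the LAN zone to start with.
VLAN_INTERFACES = {
    "VLAN10": {"network": ipaddress.ip_network("172.16.10.0/24"), "zone": "LAN"},
    "VLAN20": {"network": ipaddress.ip_network("172.16.20.0/24"), "zone": "LAN"},
}


def with_vlan20_in_zone(zone, interfaces=VLAN_INTERFACES):
    """Return a copy of the topology with VLAN 20 moved to another zone
    (the reply's second scenario puts it in DMZ). Hypothetical helper."""
    topo = copy.deepcopy(interfaces)
    topo["VLAN20"]["zone"] = zone
    return topo


def zone_of(ip, interfaces=VLAN_INTERFACES):
    """Map a host address to the zone of the VLAN whose subnet contains it.
    Assumption: anything outside the configured VLANs is reached via WAN."""
    addr = ipaddress.ip_address(ip)
    for iface in interfaces.values():
        if addr in iface["network"]:
            return iface["zone"]
    return "WAN"


def required_rule(src_ip, dst_ip, interfaces=VLAN_INTERFACES):
    """The (source zone, destination zone) pair a rule must list for a
    connection initiated from src_ip to dst_ip to be accepted."""
    return zone_of(src_ip, interfaces), zone_of(dst_ip, interfaces)


def is_allowed(src_ip, dst_ip, rules, interfaces=VLAN_INTERFACES):
    """Simplified zone check for a NEW connection (real rules also match
    networks and services; replies to an accepted session need no rule).
    Rules are one-directional: LAN->DMZ does not imply DMZ->LAN, which is
    why the reply asks for one rule per direction."""
    src_zone, dst_zone = required_rule(src_ip, dst_ip, interfaces)
    return any(
        src_zone in rule["src_zones"] and dst_zone in rule["dst_zones"]
        for rule in rules
    )
```

With no rules at all, `is_allowed` returns False for every VLAN-to-VLAN flow, which is the symptom in the opening post.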

  • This is great! Follow-up question though: how do I make this work when I already have WAN firewall rules created? For example, allow all devices WAN access via HTTPS, and another firewall rule to allow, say, a group of devices in one VLAN to egress the WAN over TCP port 8888?