Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 27 subscribers
  • Views 1977 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Internet and MPLS configuration on SOphos XG 210

Leslie Chaz

Good Evening,

I have a Sophos XG 210 firewall on my network. ISP has a single router both for Internet and MPLS as below.

  1. There is only one cable from router to firewall carrying both MPLS and internet traffic.
  2. All routing to branches done on the ISP router.
  3. TO LAN cable from the router was connected directly to the switch before introduction of the firewall.

Below are configs on ISP router:

interface GigabitEthernet0/0.1104
description POT_INTERNET
encapsulation dot1Q 1104
ip address 41.150.107.105 255.255.255.0
ip nat outside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.3663
description POT_MPLS
encapsulation dot1Q 3663
ip address 172.20.100.102 255.255.255.252
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1
description IMA_LAN
ip address 172.12.15.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto

QUESTION:

I need to configure the firewall on port 3. How should i do it?(What IPs do I use?). Port 1 on the firewall goes to LAN.

Thank You in advance.



This thread was automatically locked due to age.
Parents
  • 0

    Hello Leslie Chaz,

    are you sure you plugged the router in the right direction?

    What about configuring two zones on the firewall. One MPLS and the other WAN (alreay there)?
    Connect 0/0 with the firewall port
    Configuring a VLAN 3663 on the Firewall Port for zone MPLS.
    Configuring a VLAN 1104 on the Firewall Port for zone WAN
    Setting the default route to the VLAN 1104 / Zone WAN
    Setting the route to the MPLS Networks to VLAN 3663 / Zone MPLS

    If this is not the solution it would be best to ask your ISP. I don't see how this can be configured with 172.12.15.0/24 being the network between the router and the firewall.

    Best regards,
    BeEf

Reply
  • 0

    Hello Leslie Chaz,

    are you sure you plugged the router in the right direction?

    What about configuring two zones on the firewall. One MPLS and the other WAN (alreay there)?
    Connect 0/0 with the firewall port
    Configuring a VLAN 3663 on the Firewall Port for zone MPLS.
    Configuring a VLAN 1104 on the Firewall Port for zone WAN
    Setting the default route to the VLAN 1104 / Zone WAN
    Setting the route to the MPLS Networks to VLAN 3663 / Zone MPLS

    If this is not the solution it would be best to ask your ISP. I don't see how this can be configured with 172.12.15.0/24 being the network between the router and the firewall.

    Best regards,
    BeEf

Children
No Data