Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 29 subscribers
  • Views 995 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG firewall topology for home use

Graham Chow

Hi, I've spent 30 minutes browsing trying to find the answer to this.

What I want is to do is have the following topology.

[internet] ---- [XG firewall] ---- [Asus router in router mode with AI mesh Wi-Fi ] ---- [my internal wired network]

This appears to work fine. however, I can't access the XG firewall through my internal network.

I don't want to put the XG firewall on the other wide of my router since any Wi-Fi traffic would bypass the XG firewall. I also want to keep the ASUS device in router mode because it has some advanced security stuff all on its own which would be bypassed if in AP mode. I've also set up some firewall rules on the ASUS device that I would have to learn how to do on the XG. I'm a beginner, so that will take time.

What is the best/nice way to solve this issue? The easiest way I can think is to connect a Wi-Fi access point to the XG and access it that way. But that sounds like a kludge.



This thread was automatically locked due to age.
Parents
  • +1

    Hello,

    There will be too many issues while running your Asus in Router mode, not only It would be necessary to fix all Rules inside the device.

    Another issue is, you will loose a lot of the good functions from the Firewall, such doing filtering based on user/device or network, or getting useful logs from your devices.

    Graham Chow said:
    This appears to work fine. however, I can't access the XG firewall through my internal network.

    You're currently suffering from double-nat, another reason to let Sophos XG handle the routing functionalities.

    Graham Chow said:
    I've also set up some firewall rules on the ASUS device that I would have to learn how to do on the XG. I'm a beginner, so that will take time.

    Firewall Rules are (really) much more powerful in Sophos XG than your Asus router, depending on the amount of Rules you currently have, migrating them to XG shouldn't take more than 30 Minutes.

    The best practice to run Sophos XG at home is letting the Firewall handle all routing capabilities, and using a separate Access Point for Wireless. (You can also look at Sophos APX, since the Home Version supports them.)

    Thanks!

Reply
  • +1

    Hello,

    There will be too many issues while running your Asus in Router mode, not only It would be necessary to fix all Rules inside the device.

    Another issue is, you will loose a lot of the good functions from the Firewall, such doing filtering based on user/device or network, or getting useful logs from your devices.

    Graham Chow said:
    This appears to work fine. however, I can't access the XG firewall through my internal network.

    You're currently suffering from double-nat, another reason to let Sophos XG handle the routing functionalities.

    Graham Chow said:
    I've also set up some firewall rules on the ASUS device that I would have to learn how to do on the XG. I'm a beginner, so that will take time.

    Firewall Rules are (really) much more powerful in Sophos XG than your Asus router, depending on the amount of Rules you currently have, migrating them to XG shouldn't take more than 30 Minutes.

    The best practice to run Sophos XG at home is letting the Firewall handle all routing capabilities, and using a separate Access Point for Wireless. (You can also look at Sophos APX, since the Home Version supports them.)

    Thanks!

Children