Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 29 subscribers
  • Views 1041 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Bridged ports, causing instability.

IvanildoGalvão

Hello friends.

I created a bridge with ports 1 and 2 on a Sophos XGS 136, both ports are in the LAN zone.

The idea is to create high availability, because if one port goes down, the other maintains connectivity, each port is connected to a different switch on the LAN. But, strangely, some computers and servers fail to communicate with each other, everything goes back to normal when I remove the network cable from one of the bridge's ports, either port1 or port2.

I created the LAN to LAN firewall rule. Is there something I forgot?

Thanks !



This thread was automatically locked due to age.
Parents
  • 0

    Your setup creates a loop in your network. You will need a loop prevention mechanism like spanning tree to keep the other port down. If both are up you will have ethernet frames circulating in your network and inconsistent ARP tables

  • 0 in reply to KsecureK

    Understand.


    In the environment we have HPE switches, it is very likely that STP is enabled.
    In the bridge mode configuration, I understood that Sophos XGS would keep ports 1 and 2 in redundancy, as if only one interface sent packets on the network, which could have NLB or interface failover.
    In this case, instead of dealing with the STP of each switch, I will keep only one cable connected, in port1, connect the cable from port2 only if port1 is unavailable.

    Thanks !

Reply
  • 0 in reply to KsecureK

    Understand.


    In the environment we have HPE switches, it is very likely that STP is enabled.
    In the bridge mode configuration, I understood that Sophos XGS would keep ports 1 and 2 in redundancy, as if only one interface sent packets on the network, which could have NLB or interface failover.
    In this case, instead of dealing with the STP of each switch, I will keep only one cable connected, in port1, connect the cable from port2 only if port1 is unavailable.

    Thanks !

Children
No Data