Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 699 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Two XG Firewalls: can we bridge lan over VPN with no NAT?

Chris Shipley

I have 2 locations that both have fiber Internet and Sophos XG firewalls running the latest version 18.5.1 of the firmware.

Location 1 - HQ
XG 230 with Sophos XG 18.5.1
WAN - Fiber
LAN - Port 6, running DHCP, no Internet access granted, just LAN

Location 2 - WareHouse
XGS 136 with Sophos XG 18.5.1
WAN - Fiber
LAN - ?

Can we bridge the LAN at Location 2 Warehouse to LAN at Location 1 HQ and have them use the same subnet? I want the fact that they are connected over a VPN to be transparent to the devices that connect to it. I tried to search for details on how to bridge 2 firewall LAN interfaces over a WAN VPN link, but wasn't successful.  Is it possible?  We have an old IP-based walkie talkie solution we are trying to expand into a new location, but it can't handle NAT or multiple subnets.



This thread was automatically locked due to age.
Parents
  • 0

    Hello Chris,

    Thank you for contacting the Sophos Community.

    I would recommend you to reach out to your Sales Engineer, for this type of scenario.

    However, if you create a VPN with NAT using the following KB I believe you might be able to do achieve what you want, this method uses NAT in the tunnel.

    The other way I am thinking would be to use a RED device, then bridge the RED to the XG where you want the devices to be in the same subnet.

    Regards,

  • 0 in reply to emmosophos

    You can use a RED site to site Tunnel. Then bridge both LAN with the RED interface on both firewalls and this will lead to a big network and VPN bridge. But i highly recommend to be "simple" and not expand this to a bigger setup.

    All and every broadcast packet will be forwarded to the other destination. 

Reply
  • 0 in reply to emmosophos

    You can use a RED site to site Tunnel. Then bridge both LAN with the RED interface on both firewalls and this will lead to a big network and VPN bridge. But i highly recommend to be "simple" and not expand this to a bigger setup.

    All and every broadcast packet will be forwarded to the other destination. 

Children
  • 0 in reply to LuCar Toni

    Ahh yes thank you, I have in the past looked at doing the red connection between two firewalls and noticed it creates a red interface.  I'll give this a try.  It's for a basic application with 10 devices on it so it's worth a shot.  The bandwidth requirements are measured in kbps so it might be fast enough with traffic priority and bandwidth garuntees over the fiber connections.