Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 1279 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall wireless and ports

Searchlight Admin

We are considering purchasing a Sophos XGS 116W for a new location.

We want to use the firewall to protect 2 network segments and a wireless network segment.

We do not want any of these three networks segments to be able to see the other segments. They should be completely separate. For example, we don't want someone using our wireless segment to be able to get into our private operations segment.

Can the Sophos XGS 116W be configured in this way?

We currently have a SG 135 at another location and when we first got the device, we were told it could be setup similarly, but when we set up the separate network segments, it cut the throughput of the device by more than half. Eventually we were told by support that you could not set it up that way. 

Because the device has several ports, it seems that it should be obvious that you could set up different network segments, but after our last experience, we are not so confident.

So, we are just looking for some confirmation that if we get the XGS 116W that we could set up three completely separate network segments (two wired and one wireless) and that it would not significantly affect throughput.

Thanks in advance for your help clarifying this issue.



This thread was automatically locked due to age.
  • +1

    never seen "significantly degraded throughput" by adding network segments...without some kind of misconfiguration.

    not with XG(s) and also not with SG.

    The Sophos Firewall (XGS) should be able to do that.

    How many users and what bandwidth should be served?

    it might be beneficial to discuss your design with a Sophos partner.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0

    Hi Searchlight,

    Thank you for reaching out to Sophos Community.

    As dirkkotte have said, Sophos Firewall is capable with your query, also, and I would recommend reaching out to Sophos Sales Partner so that you can inquire all your queries and requirements before purchasing.

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • 0

    Like Dirk already said, I have never seen something like this in a proper network design.

    That XGS 116(w) has 9 ports: 8x 1GBE (Copper) and one SFP 1GBE interface, whcih could all be used to connect to different network segments. We do this all the time, at least we separate an internal production LAN from the "Admin-LAN" used to manage the IT infrastructure by IT personnel. So internal "working speed" should not be affected by network segmentation with a firewall. It is the uplink you have to the internet that normally has the most effect on "speed", but only if using resources "outside" of your internal LAN, of course.

    As Dirk and Erick I would suggest to search a competent Sophos partner to do a proper network design and sizing of your firewall.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Unfiltered HTML