VLANs on Bridge interface

Hello,

I want to build the following scenario. I have one Sophos XG Firewall and 2 switches, which are my core switches for the company. The Sophos should hold the gateway function for all VLANs. So I guess I build two trunks with 2 links in each and put these 2 trunks in a bridge. After that I want to create my VLANs on the Sophos and link them to the bridge. But that didn't work. I can only assign one address to the bridge. On the CLI I can change the VLAN, but I cannot find an option to add other VLANs.

With a UTM this scenario is not a problem. Can anyone help me?



This thread was automatically locked due to age.
  • This scenario is an HA solution, so both switches have the same VLANs.

    I'll try to explain why I want to bridge:

    E.g. I have a VLAN 10 for servers and a VLAN 100 for clients. The trunk link between the 2 switches is blocked by STP. The condition is that all traffic between the VLANs must go through the firewall. Now if a client accesses the server, the traffic has to pass the firewall. With this behaviour I have a maximum of 8 "hops" - see below

    If the trunk between the Sophos and a switch exists, I have a maximum of 10 "hops".

    I hope this is a recommended solution.

    Thx, Michael

  • Hi MichaelWalter,

    I see. This scenario would work on UTM 9. I have tested on XG and found that this implementation does not work, and there is an existing bug for the same, NC-2133, which may be considered in a future release. My suggestion is that you raise a service request so that your issue is linked with this bug ID, which would indicate the requirement for the next release.

    Thanks and Regards

    Aditya Patel | Network and Security Engineer.

  • Thanks for your answers. I hope too that this limitation works as soon as possible in the XG release.
