Basic Home Connection Setup with Router and Sophos Home Server?

Want to try to set up a SOPHOS XG Firewall Home Edition on a Server at home.

https://www.sophos.com/en-us/products/free-tools/sophos-xg-firewall-home-edition.aspx

At home my setup is....

Internet ---> Cable Modem ---> Router ---> Connects to PC, Printer, and Switch (for additional devices downstairs) 

Where would I put the SOPHOS server? Can it go in between the Cable Modem and the Router? Dual port network card in SOPHOS server, one Ethernet connection IN and one OUT to the Router?

Thanks for help.



This thread was automatically locked due to age.
  • Hi Albert,

    Simply put, the Sophos XG Firewall Home Edition is a replacement to your Router, however, I suspect that your Router is also acting as an Access Point.

    With that presumption, your Home Setup would evolve into:

    Internet --> Cable Modem --> Sophos XG Firewall Home Edition --> Switch --> Router, PC, Printer, Additional Downstairs Devices

    Generally, SoHo Routers have a built-in Switch, allowing you to connect multiple hosts directly to it. Due to the nature of only having a Dual NIC on your Sophos XG Firewall Home Edition, the OUT, or more accurately, LAN, will need to be connected directly to a Switch, and then other hosts can connect to that Switch.

    If you have the model number of the Router, I'll be able to be more accurate with my next recommendation, however, from a general standpoint, I also advise that you place the Router in Access Point Mode (AP Mode). If it doesn't support that feature, then at the very least disable DHCP, QoS, Firewalls, etc, so that the Sophos XG Firewall Home Edition can do the heavy lifting.

    I hope this helps! Best of luck!

    Cheers,

    Kyle

  • Kyle,

    Just one follow up.  Could I still connect a Sophos Home Edition setup to my router from a single IP for testing and learning?  And not mess up the rest of the family that would be using wireless or IP's from the Router directly.  Realizing the only devices protected by Sophos would be below the Sophos XG Home Edition?  Seems like a problem connecting a router to a router, but if I am only using the existing home router to grant me an IP to experiment with a Sophos setup would that work?

    Internet --> Cable Modem --> Router --> Sophos XG Firewall Home Edition --> Switch --> PC's

    Thanks again for your help.

    Al

     

  • Albert Franz said:

    Kyle,

    Thanks for the description.  I have used DLink DIR-655 router for a long time at home which could easily be put into AP Mode I believe.  Though currently I just upgraded to a Synology RT1900ac router at home which has many more features.  Any thoughts on those two would be helpful.  Thanks again.

    Al

    For the DIR-655, it seems like you'll have to turn off features manually - here's a quick link I found for that specific router - http://www.technoleros.com/turn-a-d-link-dir-655-router-into-a-secondary-access-point/

    For the Synology RT1900ac, that's a very feature rich device. This certainly has an AP Mode, however, you will lose out on a lot of its capabilities when in AP Mode. That being said, I still prefer Sophos over...well anything :)

    Albert Franz said:

    Kyle,

    Just one follow up.  Could I still connect a Sophos Home Edition setup to my router from a single IP for testing and learning?  And not mess up the rest of the family that would be using wireless or IP's from the Router directly.  Realizing the only devices protected by Sophos would be below the Sophos XG Home Edition?  Seems like a problem connecting a router to a router, but if I am only using the existing home router to grant me an IP to experiment with a Sophos setup would that work?

    Internet --> Cable Modem --> Router --> Sophos XG Firewall Home Edition --> Switch --> PC's

    Thanks again for your help.

    Al

    I understand that dilemma far too well. Of course what you can do is as follows, however, understand that traffic will not route through it, so really all you'll be doing is checking out the Web Interface. If that's a suitable first step, what you would do is:

    Internet --> Cable Modem --> Synology RT1900ac --> Switch --> Synology XG Firewall Home Edition & Everything Else

    You'd be connecting the Synology XG Firewall Home Edition to your switch and set up the LAN so you can connect to the Web Interface and tinker. You can choose a Static IP outside of your Synology RT1900ac's DHCP Range or you can set it as DHCP. Either way, that will be the IP of the Web Interface. Again, be sure not to add a DHCP Server, or you'll have a headache on your hands :)

    Cheers,

    Kyle
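
The warning above about adding a second DHCP server can be verified from any host on the LAN, because every DHCP reply names its server in option 54. This is an added example, not part of the original thread: it parses DHCP reply payloads (the UDP data of server-to-client messages) and lists any server other than the intended one. The router address 192.168.1.1, the firewall address 192.168.1.103 and the sample packets are constructed assumptions.

```python
from ipaddress import IPv4Address
import struct
MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie after the 236-byte BOOTP header
OFFER, ACK = 2, 5             # option 53 message types sent by servers

def build_reply(msg_type, server_ip, your_ip):
    """Constructed sample data: minimal BOOTREPLY carrying options 53 and 54."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), IPv4Address(your_ip).packed, bytes(4), bytes(4),
                      bytes(16), bytes(64), bytes(128))
    opts = bytes([53, 1, msg_type, 54, 4]) + IPv4Address(server_ip).packed
    return hdr + MAGIC + opts + b"\xff"

def parse_options(packet):
    """Return {code: value} for a DHCP payload, or None if malformed/not DHCP."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        return None
    opts, i = {}, 240
    while i < len(packet) and packet[i] != 255:       # 255 = end option
        if packet[i] == 0:                            # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            return None                               # truncated option
        length = packet[i + 1]
        opts[packet[i]] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def dhcp_servers(packets):
    """Map each server identifier (option 54) to the addresses it handed out."""
    seen = {}
    for pkt in packets:
        opts = parse_options(pkt)
        if not opts or pkt[0] != 2:                   # op 2 = BOOTREPLY
            continue
        mtype, server = opts.get(53), opts.get(54)
        if not mtype or mtype[0] not in (OFFER, ACK) or not server or len(server) != 4:
            continue
        yiaddr = str(IPv4Address(pkt[16:20]))         # address given to the client
        seen.setdefault(str(IPv4Address(server)), []).append(yiaddr)
    return seen

def unexpected_servers(packets, expected):
    return sorted(s for s in dhcp_servers(packets) if s != expected)

# Constructed capture: router assumed at 192.168.1.1, firewall at 192.168.1.103.
SAMPLE = [build_reply(OFFER, "192.168.1.1", "192.168.1.100"),
          build_reply(ACK, "192.168.1.1", "192.168.1.101"),
          build_reply(OFFER, "192.168.1.103", "192.168.1.150")]
```

With the sample data, `unexpected_servers(SAMPLE, "192.168.1.1")` reports the firewall's address, which is the symptom of a DHCP server left enabled on a device that should only be a host on the router's LAN.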

  • When you say "no traffic will route through it", I will not be able to get any internet data coming in or going out to any devices connected to a switch coming out of the XG Firewall Home Edition?   Data coming in would route to the XG Firewall but then no way to know what device to go to?  Data going out would get lost and fail once it gets to the RT1900ac Router?  Is that correct?  Thanks again, you have been a big help.

  • With the Sophos XG Firewall Home Edition configured after the switch, the only traffic that will reach it will be hosts that access the Web Interface; routing is being handled by your Synology RT1900ac. It's just a glorified host at that point.

    If we were to return to the basics;

    Internet --> Cable Modem --> PC/Linux/Mac; Your PC/Linux/Mac obtains a WAN IP from your Cable Modem and your PC is able to, for simplistic purposes, browse the Internet.

    In the case where you have multiple PC/Linux/Mac devices, routing is necessary to ensure the requests handed off from the Cable Modem are sent to the appropriate Host.

    Internet --> Cable Modem --> Router --> Switch (assume the router only has two NIC's) --> PC/Linux/Mac; Your Router obtains a WAN IP from your Cable Modem and your Hosts now have some internal network address, most generally 192.168.1.100, 192.168.1.101, 192.168.1.102.

    Currently, your Synology RT1900ac is acting as the gatekeeper between your Cable Modem and your PC/Linux/Mac hosts and your Sophos XG Firewall Home Edition is following suit with 192.168.1.103 for example.

    Until you replace the Synology RT1900ac with the Sophos XG Firewall Home Edition, it's not going to be receiving Cable Modem traffic nor distributing it to the rest of your network. To be clear, it does have other features that can be used in this mode, however, that's really not the purpose of this thread, so I'll digress.