Replace Cisco 1921 With Sophos?

Not sure where this question would go other than Initial Setup.  It's more of a design question but it's the closest group I could find.

 

Currently our main office has a Sophos XG310 and a Cisco 1921 used for a point to point connection with a branch office.  The point to point carries tagged info for three VLANs and has voice priority for DSCP EF (46) QoS and also for one of the three VLANs (kinda a backup in case the traffic wasn't tagged).  This works fine.  However we are adding another branch office and will have a Sophos XG125 in that office (for local internet).  Can the Sophos do the routing in place of a Cisco 1921 with the QoS?  In other words can I forward traffic from the main office (10.10.*) to the suboffice (10.20.*) with those three VLANs and then give priority to the VLAN for voice traffic?  It would be nice to not have to have the Cisco boxes in addition to the Sophos at each location.

 

-Allan



This thread was automatically locked due to age.
  • Allan,

    • create the connection between the 2 sites (XG to XG)
    • advertise the VLAN inside the XG
    • create the proper firewall rule and apply QoS here
    • create the proper static route/policy route (you can apply DSCP too)

     

    This should be enough!

  • I'm so confused.  Ha.  I get the create the connection between them part but you lost me after that. 

     

    For advertise the VLAN inside the XG (3 total) do I put that on the LAN port?  If so do I then move the XG to a trunk port on my switch?  Right now the XG is 10.10.30.254 (VLAN 30) and plugged into the switch with an accept untagged only and tag as VLAN 30 port.   Would I add 10.10.20.254 (VLAN 20) and 10.10.10.254 (VLAN 10) then move that port to a trunk port so it keeps the tags? 

     

    For the firewall rule I want Any <-> Any.  It's all internal.

     

    For the static route that should be simple.  10.20.0.0 / 16 goes to the other side, vice versa on that network.  But looking at the policy routing I don't see a way to set one up without selecting a gateway which wouldn't be used. 

     

    -Allan

  • Or would I be better off just connecting the offices using the existing Dell switches since they already have QoS for the voice data and plug a Trunk port on each together using the EPL?

  • I just wanted to leave an update.  After playing around with the XG I gave up and used the Cisco 1921 pair since I knew 100% that the QoS for voice traffic worked.  In fact I pushed a 1 Gb file over the link to saturate it and made calls back and forth and they were crystal clear.   Although I would have liked to use the XG for this I don't feel confident enough in me setting it up for this which the Cisco boxes, although overkill, just work.  Also they don't have any bandwidth issues, maybe because they are only doing this simplistic routing with QoS and nothing else (no security policies, firewall, etc).  So I'm getting the full 50 mbps over the link without issues.

     

    We are bringing on another office in the near future so I might revisit trying it with the XG simply to save me from having to buy more Cisco routers.

     

    -Allan