How to enable other physical ports for basic LAN access like a switch

Hi Lowell,

You can check this out: https://community.sophos.com/kb/en-us/123098 

The KB here would guide you to configure your XG as per your described requirement.

Kindly let us know how it goes, 

Regards,

Rap

Thanks for the rapid response, Ashen1!  I suspected a bridge would be needed, but then got thrown off by an IP still being needed.  So this IP for the bridge can't be the same as the firewall's LAN IP?  And if it's got to be something different how does that IP really affect anything? 

When creating a bridge, you will only need a single interface IP eg. Port 1 - 172.16.16.16 /24  and let's say you will bridge Ports 2 and 3 to Port 1, with this example an additional IP is not needed anymore, they will use the same IP and subnet of Port 1, and the bridged interface/s will be as a Layer 2

hope it helps, let us know how it goes.

Regards,

Rap

You make sense, but when going to create a new bridge the IPv4/Netmask is a required field.  The KB instructions also show that an IP has to be entered.

Hi Lowell,

Yes, an IP address and netmask is required when creating a new one, but when bridging to and existing interface it's not needed.

is your goal to create a new interface with no IP settings and bridge certain ports to it? or create a bridge interface with a different IP address?

Regards,

Rap

Ashen1 Thanks for pursuing this with me.  The customer (small business) just needs 1 more LAN port available and their switch is full, don't want to buy a second managed switch for them just for 1 more port, being they will have absolutely no more devices added to the server room (the network room is in another area).  So the goal is to just make 1 of the 6 remaining available ports on the XG 125 available for the less-critical device I want connected to the network.

When I go to create a new bridge, I select Port1 (LAN, with IP on the network as the network's gateway) and Port4, and select LAN zone, there's still a required IPv4 field and if I leave it blank I can't save the bridge as it says, "You must enter a valid IP for IP Address".  Here's a screenshot:

Hi Lowell,

I think I'm getting your goal, you may try to put and IP for that bridge interface, a usable IP from within the specific network you are trying to bridge

For example: network is 192.168.1.x /24, you can configure the bridge interface IP like this 192.168.1.254 /24 for it to have a connectivity to the network you are trying to bridge. 

Let me know if i got your setup correctly, you can provide us a detailed network setup if possible. thanks

Give it a shot, and let us know how it goes.

Regards,

Rap

Hi Lowell,

I think I'm getting your goal, you may try to put and IP for that bridge interface, a usable IP from within the specific network you are trying to bridge

For example: network is 192.168.1.x /24, you can configure the bridge interface IP like this 192.168.1.254 /24 for it to have a connectivity to the network you are trying to bridge. 

Let me know if i got your setup correctly, you can provide us a detailed network setup if possible. thanks

Give it a shot, and let us know how it goes.

Regards,

Rap