Pfsense + Sophos XG in Bridge Mode (VM ESXi 6.5)

Ji,

why do you think you need two firewalls in tandem?

You will need a 3rd nic on the XG to be able to access the management functions.

What rules do you have in place?

Ian

Hi rfcat_vk,

I am using Pfsense as my firewall and just want to use Sophos XG for the Web filtering and reporting side of things..

I have a LAN to WAN rule any-any rule in place on XG...this was done during the setup of the bridge-mode.
I'll probably have to see if there is anything being blocked on the FW?

I can post some screenshots a bit later on..

I can access the Sophos Admin GUI via the IP address assigned to the bridged interface (192.168.1.18) or can see the console in VMware ESXi.

Cheers pdaemon

I had the same issue with XG MR5 and MR 6 on Esxi 6.5. I changed over to XEN Server and it worked perfectly. I suspect that its an issue with Exsi 6.5, however I couldn't afford to spend too much time figuring it out. I know this doesn't add much but it may give some clue where to look. I do look forward to hearing if you solve the problem because it caused me untold hours of headaches.

 - Nick

something else to test. Currently have a 6.5 vmserver doing nothing.

Ian

Hi NickKeene,

Thanks for the reply and good (but not good!) to hear I'm not the only one that's had the same problem.

I'm going to do some more investigation shortly.

Cheers pdaemon

Hi rfcat_vk,

Looking forward to seeing if you find anything....maybe it's just something really simple we're missing!

Cheers pdaemon

Hi rfcat_vk,

Increased RAM to 4GB and put ANY-ANY FW rule in place and still no difference.

I have also flushed all ebtables rules just in case there was something there, but nothing...

Cheer pdaemon

As per the packet-capture logs it would seem that XG did not receive any packets , So the issue lies with the client -> XG. You may need to check if the traffic is not diverted to another system instead of XG . Check the Mac address instead of host address of the arp table on your system.

Hi Aditya,

Thanks for the suggestion...I'll see what I can find.

Cheers pdaemon

Please let me know if you still want me to try the VM setup?

I think Aditya's suggestion sounds like the answer, not a VM XG issue.

Ian

Hi rfcat_vk,

I have checked and I couldn't see anything out of the ordinary in regards to the ARP tables on the box that the traffic was coming from.

I did notice on the XG FW log that some traffic such as request to external DNS were going out of br0 IP when the requests should have been going out on Port2?

If you have a spare moment then it would be great if you could give the VM setup a go and see if you get the same thing or it just works for you.

I am also testing the Sophos XG bridge mode using KVM to see if that makes any difference so I'll let you know how that goes. If you get this working with VMware, I'll switch back as I would prefer to use ESXi..

Thanks!

Cheers pdaemon

Hi,

all requests should be going out the br0 that is why you have setup the bridge network.

I think you missed a point about the traffic not getting to the XG, something in your network is directing the traffic elsewhere.

Ian

Hi,

all requests should be going out the br0 that is why you have setup the bridge network.

I think you missed a point about the traffic not getting to the XG, something in your network is directing the traffic elsewhere.

Ian

I have the exact problem. Traffic is not being redirected to else where. Enable "Allow Promiscuous Mode" on vSwitches attached to both VMs fixed it.