
Can I add a LAN bypass port to XG V17 Virtual appliance?

So I read that the new XG HW units now have a LAN bypass port available, so I want to find out if there is a way to add an interface on a Virtual Appliance XG v17 unit and set that up as a LAN bypass port?

Surely there must be a way to use the console to do this? If it can be done I would be ever so grateful if someone could give me the procedure to set this up.

I know there is a way to enable LAN bypass mode in the console but that only works for Bridge mode if I remember correctly, but I need to use Gateway / router mode deployment.

Thanks

JK



This thread was automatically locked due to age.
  • Hi JK,

    I'm going to say no based on my understanding of the bypass function. This KB (https://community.sophos.com/kb/en-us/127940) includes the following note: "These allow network traffic to pass even when the UTM is turned off." In short, it's a physical layer feature so unless your underlying hypervisor can mimic such a feature, then no.

    It's a feature that's more intended for devices operating in a transparent mode (the UTM running as a transparent content filter for example) that permits traffic to flow even when the hardware is powered down. For a router/gateway application where you are routing between two networks, with or without NAT, it adds no benefit, and in fact could be detrimental as when enabled, packets will pass between networks unmolested. An example would be a NAT'd private network behind a UTM. This bypass kicks in and you could potentially have your PCs grabbing public IPs from your ISP, exposing your equipment to direct attack.

  • JK,

    Only Sophos HW appliances support this feature. The combination is between HW, Drivers and Sophos OS.

    Regards