Goal: to set up Sophos as webfilter and vlan isolation for home and guest network.
Sophos is running as a VM (wan 192.168.1.154, internal 192.168.1.155) on ESXi, as is UniFi on 192.168.1.62.
192.168.1.0/24 is essentially bridged as security is not a concern.
Vlan Interfaces
- External wan on eth1 192.168.1.153/24 Gw 192.168.1.154 type ethernet
- Internal on eth0 192.168.1.155/24 type ethernet
- Vlan 20 eth1 192.168.2.1/24 type Ethernet vlan
- Vlan 30 eth1 192.168.3.1/24 type Ethernet vlan
Dhcp
- Internal 192.168.1.203 – 253 dns 192.168.1.155 Default GW 192.168.1.155
- Vlan 20 192.168.2.2 – 192.168.2.254 dns 192.168.1.155 Default Gw 192.168.1.155
- Vlan 30 192.168.3.2 – 192.168.3.254 dns 192.168.1.155 Default Gw 192.168.1.155
Firewall
- Vlan 20 -> Any
- Vlan 30 -> Any
Masquerading
- Internal Network -> External Wan
- Vlan 20 network -> internal
- Vlan 30 network -> internal
Web filtering
- Allowed: Internal, Vlan 20, Vlan 30
I am very new to this. I appreciate using the “any” option is not ideal, but for home it's fine, and once working I will tighten it up.
I can get internet using 192.168.1.155 as gw and dns on the vlan dhcp; however, I think it should be using the vlan ip as dns/gw?
However, when I turn on the guest network on UniFi I can't get to the captive portal on 192.168.1.62.
I am confused about the following options:
- Vlan interfaces: should they be on eth1 wan or eth0?
- Should they have an ipv4 default gw? If so, what should it be?
Dhcp
- Dns and Gw: what should these be, the address of the internal interface or the vlan?
Sophos is connected to a Mikrotik switch with Vlan 20 and 30 added to the bridge.
I would be grateful for any suggestions on setting up or improving the setup.
Thanks
Jeremy