Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 5 subscribers
  • Views 3973 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

vLan(s) on a Bridge - Everything can access everything?

AlanTab

I am having a small challenge with a setup on a Sophos UTM 9.506-2 installation and wondered whether anybody has come across it before?

 

I have a bridge setup (call it Br0) across several interfaces and then a couple Ethernet vLans (call them vLan 2, vLan 3 and vLan 4) on that bridge (each with their respective DHCP servers). The behavior i expected was that clients on the vLan 2 would not be able to connect to a client on vLan 4 without a firewall rule in place. However it doesn't seem to be the case (although client on each vLan do seem to get assigned the right IP address from the pool). This doesn't change even if i put a rule in to drop / reject traffic from between the vLans.

 

Any suggestions?

 

 



This thread was automatically locked due to age.
  • 0

    An update - it turns out that it is web filter causing this behavior (in both transparent and standard modes). Turning it off means that traffic is obeys the firewalls rules ...e.g. it needs a firewall rule to route between clients on different vLans

     

    SOPHOS / other experts here - Is this supposed to happen, or am I missing something?

  • 0 in reply to AlanTab

    This is the normal behavior indeed for UTM. You need to make adjustments in your webfiltering so the VLAN's cannot communicate with each other.

    User Balfson has a good document that can help you get started with this. I think he will also reply to this thread shortly with specific information about this document.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • 0 in reply to AlanTab

    As apijnappels suggests, you might be interested in a document I maintain that I make available to members of the UTM Community, "Configure HTTP Proxy for a Network of Guests."  If you would like me to send you this document, PM me your email address. I also maintain a version auf Deutsch initially translated by fellow member hallowach when he and I did a major revision in 2013.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML