Firewall on bridged interfaces?

This might not be possible on Sophos UTM, but here goes...

I've got a Sophos UTM Home License running as a VM under Hyper-V.
Virtual interfaces are VLAN'ed in Hyper-V.

I would like to keep all LAN clients on a single /24 subnet - but still transparently separate certain clients from others with firewall rules.
(Since a lot of media devices don't take well to routed subnets)

I thought that I could bridge two interfaces and still use firewall rules between the original interfaces.
(I've done this in the past with m0n0wall).
But as far as I can see, only the bridge (and not the original interfaces) can be used as firewall source/destination afterwards?

Am I missing something? 


Best regards
Martin


  • But as far as I can see, only the bridge (and not the original interfaces) can be used as firewall source/destination afterwards?

    Am I missing something? 


    Best regards
    Martin


    That is correct! UTM cannot have the physical interface in a rule in the firewall. It always uses the logical interface objects (like Internal (Network) and not eth1).
    That way you can use your bridged interface or create new network objects that correspond to both sides of your bridge (i.e. use /25 and not /24) to divide your /24 into two /25 subnets.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improving IT security and happy to help others with their IT security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
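
    The following is an added example, not code from the thread or from Sophos. It models the answer above: one flat /24 stays a single broadcast domain on the bridge, while the firewall policy keys on two /25 network objects instead of on eth1/eth2. The addresses, interface names and rule set are constructed assumptions; the misplaced_hosts check shows the caveat that follows from address-based objects, namely that a host whose address is in the wrong /25 for the VLAN it sits on lands on the wrong side of the policy.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed example addressing; nothing here comes from the thread.
LAN = ipaddress.ip_network("192.168.1.0/24")
TRUSTED_NET, MEDIA_NET = LAN.subnets(new_prefix=25)   # the two /25 "network objects"

# Assumed bridge members: eth1 carries trusted clients, eth2 the media VLAN.
# UTM rules cannot reference eth1/eth2, only these address-based objects.
SIDE_OF_INTERFACE = {"eth1": TRUSTED_NET, "eth2": MEDIA_NET}


class Rule(NamedTuple):
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]   # None matches any destination port
    action: str            # "allow" or "drop"


# Assumed top-down, first-match rule set on the bridge: trusted clients may
# open connections to media devices (stateful return traffic is implied),
# media devices may not initiate anything toward trusted clients.
RULES = [
    Rule(TRUSTED_NET, MEDIA_NET, None, "allow"),
    Rule(MEDIA_NET, TRUSTED_NET, None, "drop"),
]


def decide(src_ip: str, dst_ip: str, dport: int) -> str:
    """First-match evaluation; anything unmatched falls to the implicit drop."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in RULES:
        if src in r.src and dst in r.dst and r.dport in (None, dport):
            return r.action
    return "drop"


def misplaced_hosts(hosts: dict) -> list:
    """Return (ip, iface) pairs whose address is not in the /25 that belongs to
    the interface they sit on. Because the rules key on addresses rather than
    on eth1/eth2, such a host ends up on the wrong side of the policy."""
    return [(ip, iface) for ip, iface in hosts.items()
            if ipaddress.ip_address(ip) not in SIDE_OF_INTERFACE[iface]]


# Constructed inventory: one media device was given a trusted-half address by mistake.
HOSTS = {"192.168.1.10": "eth1", "192.168.1.200": "eth2", "192.168.1.50": "eth2"}

if __name__ == "__main__":
    print(decide("192.168.1.10", "192.168.1.200", 8080))   # allow
    print(decide("192.168.1.200", "192.168.1.10", 445))    # drop
    print(misplaced_hosts(HOSTS))                          # [('192.168.1.50', 'eth2')]
```

    Traffic between two hosts on the same VLAN never crosses the bridge, so the firewall only ever sees flows between the two halves; that is why the address split has to line up with the VLAN membership.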
