How to block/restrict inter-VLAN routing?

Hello,

First off, I was reading different threads about this, but couldn't find an answer for my case, hence this post.

I have Sophos UTM 9 attached to a Layer 2 switch and then to some virtual machines.

There is a LAGP enabled in the Sophos and the VLANs are created as "Ethernet VLAN" interfaces, so they look like lag0.10, lag0.11, etc.

I have:

VLAN 10 = 10.0.10.0/24

VLAN 11 = 10.0.11.0/24

The Sophos is configured as the GW for every VM in each VLAN, i.e.

VLAN 10: Sophos = 10.0.10.1, VM-10-1: 10.0.10.2, etc.

VLAN 11: Sophos = 10.0.11.1, VM-11-1: 10.0.11.2, etc.

Right now 10.0.10.2 can SSH to 10.0.11.2.

That means that inter-VLAN routing is enabled.

Please note that I'm using SSH for tests (as well as other ports like FTP), as I'm aware that pings and HTTP are handled differently.

I have the firewall's Live Log open, and when I pass traffic from one VLAN to the other, I do NOT see it there, but I do see the traffic when running tcpdump from the command line on the Sophos.

In what way can I restrict traffic between VLANs attached to different sub-interfaces (lag0.10, lag0.11, etc.) but to the same "lag0" interface (LAGP)?

Thanks.
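As an added example (not from the thread, and not Sophos code): a small Python check that classifies packets from a tcpdump capture taken on the UTM, as in the post above, as intra-VLAN or inter-VLAN using the two subnets given, so that "is routing between lag0.10 and lag0.11 open?" can be answered from the capture rather than by eye. The sample tcpdump lines are constructed for the example.

```python
# Added example, not from the thread: classify tcpdump flows as intra- or inter-VLAN.
import ipaddress
import re
from collections import Counter
# VLAN id -> subnet, as described in the post.
VLANS = {10: ipaddress.ip_network("10.0.10.0/24"),
         11: ipaddress.ip_network("10.0.11.0/24")}

# Captures src, sport, dst, dport from a tcpdump IPv4 line ("IP a.b.c.d.port > e.f.g.h.port:").
FLOW_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+)")

def vlan_of(ip):
    """VLAN id whose subnet contains ip, or None if the address is outside all known VLANs."""
    addr = ipaddress.ip_address(ip)
    return next((vid for vid, net in VLANS.items() if addr in net), None)

def classify_flows(lines):
    """Return (src, dst, dst_port, kind) per packet; kind is 'intra', 'inter' or 'unknown'."""
    results = []
    for line in lines:
        m = FLOW_RE.search(line)
        if not m:
            continue  # ARP, IPv6 or other non-IPv4 lines are skipped
        src, _, dst, dport = m.groups()
        sv, dv = vlan_of(src), vlan_of(dst)
        if sv is None or dv is None:
            kind = "unknown"
        else:
            kind = "intra" if sv == dv else "inter"
        results.append((src, dst, int(dport), kind))
    return results

def inter_vlan_summary(lines):
    """Count inter-VLAN packets per (src VLAN, dst VLAN, dst port); any entry means routing is open."""
    counts = Counter()
    for src, dst, dport, kind in classify_flows(lines):
        if kind == "inter":
            counts[(vlan_of(src), vlan_of(dst), dport)] += 1
    return counts
# Constructed sample modelled on `tcpdump -ni lag0` output; not a real capture.
SAMPLE = [
    "12:00:01.000001 IP 10.0.10.2.51234 > 10.0.11.2.22: Flags [S], length 0",
    "12:00:01.000200 IP 10.0.11.2.22 > 10.0.10.2.51234: Flags [S.], length 0",
    "12:00:02.000001 IP 10.0.10.2.51235 > 10.0.10.3.21: Flags [S], length 0",
    "12:00:03.000001 IP 10.0.10.2.51236 > 8.8.8.8.53: Flags [S], length 0",
]
if __name__ == "__main__":
    for (sv, dv, dport), n in inter_vlan_summary(SAMPLE).items():
        print(f"VLAN {sv} -> VLAN {dv} port {dport}: {n} packet(s)")
```

Feed it the output of tcpdump run on the UTM and an empty summary after the same SSH test means the cross-VLAN traffic no longer reaches the wire.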
  • There's no reason other than an Any-Any firewall rule that I can think of. Just for grins, you could apply #2 in Rulz and create 6 NAT rules like:

    DNAT : VLANx -> Any -> VLANy : to {non-existent IP}

    Any luck with that?

    Cheers- Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA