Sophos XG Bridge Mode

  • Published: 27 Oct 2024

Comments • 91

  • @vladislavvenkov7799
    @vladislavvenkov7799 8 months ago

    Thank you!

    • @MikeFaucher
      @MikeFaucher 8 months ago

      Thanks a lot. Thank you for the donation.

  • @CaseyFraysier
    @CaseyFraysier 2 years ago

    Perfect video and just what I needed. I set up my Sophos, did the basic install and went to bed (it was early a.m. anyway). Imagine my surprise to wake up and realize Sophos was blocking DHCP. The Mrs was not happy! Lol. Thanks SO much for at least getting me off the ground with this.

    • @MikeFaucher
      @MikeFaucher 2 years ago

      Awesome to hear and thanks for the feedback. Glad you got the Mrs happy again.

  • @prfrag
    @prfrag 1 year ago

    Just what I'm looking for to set up with my UDM Pro. Thanks a lot!

  • @elibarikimushi3264
    @elibarikimushi3264 2 years ago

    Simply put, This is just Awesome! Thanks Mike!

    • @MikeFaucher
      @MikeFaucher 2 years ago

      Great to hear! Thank you for the feedback.

  • @ScottMembry
    @ScottMembry 11 months ago

    This is a great video. Just what I needed. Thanks!

    • @MikeFaucher
      @MikeFaucher 11 months ago

      Glad you found it helpful. Thanks for the feedback.

  • @michalinakozak4900
    @michalinakozak4900 10 months ago

    Hi, thanks for the awesome explanation. Merry Christmas, God bless you!

    • @MikeFaucher
      @MikeFaucher 10 months ago

      Thanks for the feedback and Merry Christmas to you as well.

  • @tristanwei8879
    @tristanwei8879 2 years ago

    Great video. It works and is helpful to me! Thank you

    • @MikeFaucher
      @MikeFaucher 2 years ago

      Glad it helped! Thanks for the feedback.

  • @asharbhatti8884
    @asharbhatti8884 2 years ago

    Hi Mike, this video is very helpful to me thank you!

    • @MikeFaucher
      @MikeFaucher 2 years ago

      Glad it was helpful! Thanks!

  • @AlecJackson-t6x
    @AlecJackson-t6x 1 month ago

    Hi Mike, great video, thanks. Can you explain why the DHCP outbound rule you created isn't covered by the default network LAN to WAN rule?

    • @MikeFaucher
      @MikeFaucher 1 month ago

      Mainly because it is internal, and DHCP will be blocked when in bridge mode because all traffic is being blocked or filtered. DHCP is not allowed through a WAN connection, and as the bridge is between the switch and your router, you need to allow traffic to get a DHCP address. Hope that helps, and great question.

  • @redrider578
    @redrider578 3 months ago

    Great video Mike! One question I had is: what if the ISP router and switches are doing a ton of VLANs? Can I still have the Sophos there in the middle in bridge mode with all the VLANs?
    Thanks!

    • @MikeFaucher
      @MikeFaucher 3 months ago

      Good question. The bridge lives on the WAN side of the switches between the ISP modem and your switch. Bridge devices are not VLAN aware as they only filter and protect the actual final connection to the internet. If you are relying on your ISP hardware for VLANs it will not work. You will have to get a different router or use Sophos or pfSense as your router. Hope that helps.

  • @JoaoRyanPlim
    @JoaoRyanPlim 3 years ago

    Thanks for your video!

  • @5654Martin
    @5654Martin 2 years ago +1

    Hi Mike, great videos! Appreciate your effort. Is there a reason why you haven't created one rule for DHCP allow with LAN and WAN as source as well as destination (min 20ish), meaning you might not have to create two rules?

    • @MikeFaucher
      @MikeFaucher 2 years ago

      The main reason is to allow all devices to directly hit your router for only DHCP in one direction, but restrict the inbound to only one IP.

    • @5654Martin
      @5654Martin 2 years ago

      @@MikeFaucher Thanks! I obviously missed that

  • @FastRedPonyCar
    @FastRedPonyCar 3 years ago

    If I want to integrate a completely new ISP circuit and LAN into an existing XG firewall that already currently has an ISP circuit and another LAN running through it, would I just do what you did in the last part of this video and set up 2 of the XG's ports for this new network, set up the static route to the current router, in/out DHCP, and then just start defining my static hosts and building out any traffic rules?
    It's technically 1 company I'm planning this for but they have a sub-company with their own portion of the building and are currently on their own network and I want to bring their traffic into the XG for better security.
    I've done this with virtual domains on the Fortigates but never handled this with a Sophos.
    The other thing is that this extra company I want to add into the XG already has a firewall with rules so I would want the route through the XG to be bridged only so that's how I found this video.

    • @MikeFaucher
      @MikeFaucher 3 years ago

      I would consider using an XG as the only router and utilize VLANs to create the separation. It will be far more efficient and easier to manage.

  • @ivanbojanovic8109
    @ivanbojanovic8109 6 months ago

    Hi Mike - I have a Ubiquiti UDR router and I want to use the Sophos in bridge mode. My UDR obtains an IP from the cable modem through its WAN port. From the UDR switch, do I connect to the Sophos on the LAN or WAN bridge port? My thinking is to connect the rest of the LAN to the Sophos LAN port and the UDR to the WAN?

    • @MikeFaucher
      @MikeFaucher 6 months ago +1

      Your UDR WAN port will connect to the LAN side of the Sophos bridge, and your Modem to the WAN side of the Sophos bridge. Hope that helps.

  • @JP-ou3ht
    @JP-ou3ht 9 months ago

    Hello, great video thank you. My configuration is slightly different. I've ISP modem>Sophos bridge>Unifi dream machine router/switch.
    I understand Unifi can't "disable" routing, which is why Sophos needs to be in bridge. But are all the settings and rules you've shown here the same?

    • @MikeFaucher
      @MikeFaucher 9 months ago

      As far as I know that is true and Unifi can't disable routing. I switched completely to Unifi over a year ago for various reasons, so I would be interested in why you are using Sophos in bridge mode? Thanks for the feedback.

    • @JP-ou3ht
      @JP-ou3ht 9 months ago

      I'm very new to networking, and it's my home setup.
      My understanding is that in the configuration above Unifi will not connect to the internet if Sophos is in routing mode.
      It's also my understanding that Unifi firewall is not great. Thus I wanted to put a firewall in between modem and Unifi. Is my approach correct?

    • @MikeFaucher
      @MikeFaucher 9 months ago

      @@JP-ou3ht Your understanding is very good. You do not actually have Sophos in bridge mode; it is just a much better way to go and much simpler. The only thing I would necessarily agree with is that Unifi is not a good firewall. I switched to Unifi from Sophos and never looked back; as long as you keep it current with all the latest features, I believe it is better for most users as the simplicity makes it easier to be secure and lets you easily use things like VLANs. Sophos is a powerful but very, very complicated firewall, so many do have a secure configuration. My IT staff at work spend most of their time tweaking Sophos. It is great to learn and mess with, but if you have Unifi hardware, I would start with that. If you look at some of my current videos you will see that I fully converted.

    • @JP-ou3ht
      @JP-ou3ht 9 months ago

      @@MikeFaucher Thank you for the prompt responses. I will study your other videos.
      I just happen to have an XG 135 Rev 3, so I'm in a "why not try it" situation. 😊
      I did follow your video directions. I set up Sophos as 192.168.1.0 and gateway as 192.168.1.1 (same as my UDM-SE). Again, Modem>Sophos>UDM configuration.
      My PC that's connected to the UDM was able to log in to Sophos just fine but the UDM kept giving a "no IP address" error. Nothing had internet, including Sophos I think (hard to tell). Thanks and Happy New Year!

  • @canadianwildlifeservice8883
    @canadianwildlifeservice8883 1 year ago

    If you preferred to use the Sophos XG as the DHCP server instead of the ISP modem, would you have to set up a static route on either firewall?

    • @MikeFaucher
      @MikeFaucher 1 year ago

      Not really. The DHCP server is mainly for LAN use and does not affect the ISP modem.

  • @issamzgybi9761
    @issamzgybi9761 2 months ago

    thanks MIKE

    • @MikeFaucher
      @MikeFaucher 2 months ago

      @@issamzgybi9761 Glad you liked it.

  • @robbetto9776
    @robbetto9776 2 years ago

    Thanks for your video and explanations, one question; in the last part, after creating a bridge interface from the GUI, will SSL VPN for remote users be unavailable? We're trying to insert an XG between an ISP router and a Ubiquiti Dream Machine Pro. Thanks

    • @MikeFaucher
      @MikeFaucher 2 years ago +1

      In bridge mode you lose the SSL VPN on your Sophos device. You could use a different VPN like OpenVPN on an internal machine, but not in Sophos. You will have to use it as a full router to get SSL VPN.

    • @robbetto9776
      @robbetto9776 2 years ago

      @@MikeFaucher Thanks Mr. Mike, I configured a bridge port including the WAN port and various LAN ports, so I didn't change gateway mode because the customer wants to use SSL/IPsec VPN; tell me what you think about it. Thank you very much

    • @MikeFaucher
      @MikeFaucher 2 years ago

      @@robbetto9776 No problem, and good luck.

  • @stephane184
    @stephane184 2 years ago

    Hey Mike. Just installed v18 on an old PC. Seems to be working. I have it sitting behind a switch on a VLAN in bridge mode.
    Everything works and IPs are getting assigned from my VLAN controller.
    v18 of SFOS seems to have brought a few advanced features under the advanced settings in the bridge interface screen:
    VLAN filters, STP, ARP broadcast.
    I run a Peplink router with 2 APs. I have 5 VLANs.
    I added my VLAN tags to the VLAN filter for the bridge.
    I went ahead and created an IP group of DHCP server hosts, one for each VLAN and the untagged LAN, and created the inbound/outbound DHCP rules as you show in the video.
    I think I have it ready to fully test between my main router and the main network switch.
    Hope VLAN traffic will be unimpeded.
    May have to upgrade my Sophos XG host as it's an older Intel Core 2 Duo with 4 GB RAM. I'm considering a used Dell Optiplex i5 5060 with 8 GB of RAM.

    • @MikeFaucher
      @MikeFaucher 2 years ago

      Sounds like you made good progress. The i5 should be more than enough, but remember the free version is limited to 6 GB of RAM; so far I have never used more than 4 even with heavy filtering and IPS. Good luck, let me know how it goes, and thanks for the feedback.

    • @stephane184
      @stephane184 2 years ago

      @@MikeFaucher Decided to deploy behind the main router. Changed the bridge WAN's static IP to the same subnet as the main router... everything seemed to work initially... but Apple TVs on a separate VLAN couldn't connect... noticed firewall rule blocks in the logs for some reason... I believe I had issues with my PoE APs as well... wondering if switches need to be rebooted to flush their MAC tables... I didn't reboot anything when I initially inlined my bridge to the entire network...

    • @MikeFaucher
      @MikeFaucher 2 years ago +1

      @@stephane184 Should not have to reboot but make sure you have the proper firewall rules for your VLANs. I did another video on the walk-through (ruclips.net/video/wI6RPNNuHS4/видео.html) that may help.

  • @nixxblikka
    @nixxblikka 2 years ago

    Nice video - somehow, after deployment, I don't get any internet access. Do you know if the br0 is accessible from both ends? WAN or LAN?

    • @MikeFaucher
      @MikeFaucher 2 years ago +1

      The bridge is only accessible through the LAN. Assuming you are bridging port 1 and port 2, port 2 must have an IP that matches your current router. You will have to manually attach to the bridge (33 min) and create some rules. I would review from 30:00 on and make sure you get all the steps.

    • @nixxblikka
      @nixxblikka 2 years ago

      @@MikeFaucher Of course I watched the whole video, and somehow it worked after some time, but thanks for getting back to me

    • @MikeFaucher
      @MikeFaucher 2 years ago +1

      @@nixxblikka @dffvb Awesome, glad you got it working. It is not a straightforward piece of software, but it is powerful.

  • @kamanda19831
    @kamanda19831 2 years ago

    Hi Mike. Thanks for the walkthrough. My Sophos firewall was configured in bridge mode. Now my setup has changed and I want to configure it in gateway mode. How do I do that? The br0 interface can't be deleted.

    • @MikeFaucher
      @MikeFaucher 2 years ago +1

      As most of the configuration is not reusable from bridge mode, doing a factory reset or a new install is the best way. I just did one about a week ago and it was pretty straightforward. Just go into the firmware section, and on the gear icon on the right you boot with factory defaults.

    • @kamanda19831
      @kamanda19831 2 years ago +1

      @@MikeFaucher thank you. I will give it a try

  • @GuilhermeMiranda123
    @GuilhermeMiranda123 1 year ago

    Hi Mike, this is a brilliant video! I had been looking for such a thing for a while now. Thanks! I do have an issue I am hoping someone can help with. I have a router sitting on the WAN side of the firewall which does the DHCP and has 4 VLANs. The firewall and the router + the switch on the LAN side of the firewall are all in the default main VLAN. I am having issues adding these VLANs to the firewall; how do I "identify them" to apply rules to them? Seems cross-VLAN traffic does not work through the firewall (worked without it).
    Thanks!

    • @MikeFaucher
      @MikeFaucher 1 year ago

      Trying to pass VLANs through a bridge is tricky because, as it stands, Sophos does not recognize your VLANs. I am not 100% sure it will work, but if you create the VLAN interfaces in Sophos and use a NAT rule to pass the traffic to your ISP router it should work. I wish I could try it for you, but I have changed all of my network to Unifi and do not have a Sophos router anymore as it was limiting my bandwidth. Hope that helps.

    • @GuilhermeMiranda123
      @GuilhermeMiranda123 1 year ago

      @@MikeFaucher Thanks a lot for taking the time to reply. Your explanation does make sense, perhaps the SophosXG in bridge mode is not the appliance I am looking for then. I have an Omada router which does offer some features, but can mostly be described as basic - thus my desire to add a firewall and get better reporting and control of the network. Thanks again though!

  • @mylesmorales1464
    @mylesmorales1464 4 years ago

    Hi Mike, this is a very helpful video; however, we're having issues with our XG230 firewall. We are using VLANs which are created on our networks and we wanted to know if we are going to have to configure those VLANs in Sophos as well, because what we experience is that some sites are inaccessible.

    • @MikeFaucher
      @MikeFaucher 4 years ago +1

      Not sure of your configuration and where the XG230 bridge is located on your network. If in between the internet and existing router, then you will not need anything except to make sure there is a firewall rule that allows those VLANs to go out. If you are using it as a regular firewall then you will need to create VLAN interfaces in XG along with a rule. Not sure if that helps as there are many variables.

  • @Mamihuanna
    @Mamihuanna 1 month ago

    Can I just delete the bridge again and it will turn back to the configuration before?

    • @MikeFaucher
      @MikeFaucher 1 month ago

      Yes, but you will lose some settings and have to create some routing rules. It would almost be easier to wipe and start over as a router.

  • @davidc5323
    @davidc5323 2 years ago

    Thank you for making the video. I set up my firewall and I made port 1 the WAN; I have the other 3 ports under the bridge. If I put my computer on any of the 3 ports I am able to go into the web interface from any of the 3 ports. Once I put the cable from my router to the firewall on port 1 (WAN), I am able to get internet from the other 3 ports and DHCP works, but I am not able to access the web interface from the router side or after the firewall side. I have assigned my router a static IP for the firewall WAN. I see it in the router. Do I have to create more rules for the web interface?

    • @MikeFaucher
      @MikeFaucher 2 years ago

      The web interface is only available on the LAN side, but you have to access it with the IP going to the bridge (output of your router, static LAN IP of the bridge). Hope that helps.

    • @davidc5323
      @davidc5323 2 years ago

      @@MikeFaucher Thank you Sir, after the patch update my issue got resolved.

  • @rajugeorge2312
    @rajugeorge2312 4 years ago

    Hi Mike, thanks for your video, really informative. Please advise how we can configure "gateway mode" similarly; when I plug the ISP cable into the WAN port of the mini PC for Sophos, I don't seem to get an IP. Also I am unable to get into the GUI of Sophos. Appreciate any assistance.

    • @MikeFaucher
      @MikeFaucher 4 years ago

      Check some of my other videos on setting up in gateway. ruclips.net/channel/UCBqox9okPrHvJNSZxs7ZjYAsearch?view_as=subscriber&query=sophos Thanks for the feedback.

  • @peterferguson5705
    @peterferguson5705 4 years ago

    A great video. So great I decided to try Sophos again after giving up a few years ago and moving to Untangle, which is easy to use but not as good. I have reinstalled it 3 times (bridge mode) and after each install it all seems fine with changed password and reboots. I can get to the login page (User Portal) after the reboot but it asks me for a user ID which at no stage did I change or use, and says login failed.

    • @MikeFaucher
      @MikeFaucher 4 years ago

      Did you give Sophos a static IP and did you give your computer a static IP?

    • @MikeFaucher
      @MikeFaucher 4 years ago

      If you installed it through the wizard, it sort of forced you to change the admin password. If it did not, make sure you do. If you installed it from an existing config, the password should not have changed.

    • @peterferguson5705
      @peterferguson5705 4 years ago

      @@MikeFaucher It's not the password. I know it always makes me change that. It is the USER ID. I have no idea what that is. I have tried nothing, admin, ADMIN, Admin and the Sophos ID that I had to create to register the software.

    • @peterferguson5705
      @peterferguson5705 4 years ago

      To reply to your first question. My network gateway is 192.168.0.1 just as in your test, so I just had to follow your steps exactly. The box was the one that I used for Untangle, so the router already had both NIC MAC addresses fixed and picked both Port 1 and Port 2 IPs instantly. It was easy peasy until the reboot after the end of the wizard. I am sure I have just missed something. LOVE your videos, great for slow old blokes like me.

    • @MikeFaucher
      @MikeFaucher 4 years ago

      @@peterferguson5705 Remember you have to assign a static IP for the Sophos bridge mode device; it will not run on DHCP. If your gateway is 192.168.0.1, then you can set 192.168.0.2 as your device and then access it with that. Remember to temporarily change your PC to a static address as I showed in the video. Bridge mode is totally reliant on manual settings. Thanks for the feedback and I am glad you like the videos. Good luck.

  • @mylesmorales1464
    @mylesmorales1464 3 years ago

    Hi Mike, we are using 2 networks created by our router, should I create the same rule for the other one?

    • @MikeFaucher
      @MikeFaucher 3 years ago +1

      I have used two networks for a long time for isolation as my router has always had the extra NICs but it can be done with VLANs as well. Thanks for the question.

    • @mylesmorales1464
      @mylesmorales1464 3 years ago

      @@MikeFaucher May I have your email? I found your videos very helpful and wanted to know more about Sophos, but I have a few questions in mind.

  • @mahmoudsalem1460
    @mahmoudsalem1460 2 years ago

    In bridge mode do I need one network card or 2?

    • @MikeFaucher
      @MikeFaucher 2 years ago

      You need two. One on the WAN and one on the LAN.

  • @canadianwildlifeservice8883
    @canadianwildlifeservice8883 1 year ago

    Does XG allow you to choose the IP address 192.168.1.1 when you install it instead of 172.16.16.16?

    • @MikeFaucher
      @MikeFaucher 1 year ago

      Yes, it sure does.

    • @canadianwildlifeservice8883
      @canadianwildlifeservice8883 1 year ago

      @@MikeFaucher thanks. Yes I tried XG and it allows you to choose the default gateway IP address. Looking forward to migrating to the XG from the UTM soon.

    • @MikeFaucher
      @MikeFaucher 1 year ago

      @@canadianwildlifeservice8883 Awesome, good luck. Very powerful firewall with a bit of a learning curve.

  • @TheHabibalby
    @TheHabibalby 4 years ago

    Excellent video. I have a question relating to the backend/frontend concept. I have purchased two Sophos and I have an existing SonicWall; how can I configure it to work correctly? Now we have an unmanaged switch, all ISP links are connected to it, and a DMZ is created from the SonicWall and plugged into this switch. I need to make it work. I have configured bridge mode, and all internet goes off, and in the core switch ip route 0.0.0.0 0.0.0.0 goes to the inside interface of the SonicWall... Can you help please..?

    • @MikeFaucher
      @MikeFaucher 4 years ago

      Very hard to grasp your existing configuration and what you are trying to do. The bridge sits in front of the SonicWall, but it can't be on the DMZ. The bridge has to have an IP and you are just passing through it. If your network is configured to work correctly, then the Sophos should just plug in. Sorry I can't be more help.

    • @TheHabibalby
      @TheHabibalby 4 years ago

      @@MikeFaucher Thanks, I have tried providing an IP from the same LAN where the SonicWall is placed, but that didn't help either..

    • @MikeFaucher
      @MikeFaucher 4 years ago +1

      @@TheHabibalby Sorry to hear that. I would try to make sure that your configuration is working correctly, then try the Sophos bridge with just one PC and output going to DHCP of your existing configuration so that you can troubleshoot. Good luck and I hope you make some progress.

    • @TheHabibalby
      @TheHabibalby 4 years ago

      @@MikeFaucher thanks Mike, let me give it a try tomorrow and sure I will get back to you when everything is working fine..

    • @MikeFaucher
      @MikeFaucher 4 years ago

      @@TheHabibalby Awesome. Good luck.

  • @vivekpandey9358
    @vivekpandey9358 4 years ago

    What you mentioned about DHCP is not correct: it does not require a firewall rule to pass the DHCP traffic; the machine will automatically be assigned an IP address from the upstream router. To prove what I am saying, just check the firewall rule you created to pass the DHCP traffic; it will show 0 B in and 0 B out, so that rule will never come into the picture.

    • @MikeFaucher
      @MikeFaucher 4 years ago

      Can you reference the section in the video you are talking about so I can clarify it? A firewall rule is required to pass traffic, not DHCP. Thanks.

    • @killer2600
      @killer2600 3 years ago

      Unfortunately, this is not true. In a stock installation, the XG firewall blocks all unsolicited traffic on the WAN side from reaching the LAN side. You have to allow DHCP traffic from the WAN to the LAN, otherwise the LAN clients will not receive DHCP assignments from the WAN-side server. That said, it's redundant to make a second DHCP rule allowing it from the LAN to the WAN, as the default rule allows all LAN traffic to go out the WAN. I've tested this scenario myself.
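The three exchanges in this thread about DHCP rules (why the default LAN to WAN rule does not cover the reply half of DHCP, why the inbound rule can be restricted to a single server address, and why a separate outbound DHCP rule is redundant) come down to how a stateful, zone-based policy treats a broadcast request and its reply. The following is an added illustrative model written for this page; it is not Sophos code and not the video author's configuration. It is a deliberately simplified firewall with a toy connection table: the router/DHCP server address 192.168.1.1, the zone names and the rule names are constructed assumptions, and the model ignores everything a real SFOS policy does beyond zone, address, destination port and rule order.

```python
from dataclasses import dataclass, field
from typing import Optional

ANY = "*"                      # wildcard address in a rule
BROADCAST = "255.255.255.255"  # where a DHCP client sends DISCOVER


@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str = "udp"


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    src_ip: str = ANY
    dst_ip: str = ANY
    dst_port: Optional[int] = None   # None matches any destination port
    action: str = "allow"

    def matches(self, p: Packet) -> bool:
        return (self.src_zone == p.src_zone
                and self.dst_zone == p.dst_zone
                and self.src_ip in (ANY, p.src_ip)
                and self.dst_ip in (ANY, p.dst_ip)
                and self.dst_port in (None, p.dst_port))


@dataclass
class Firewall:
    rules: list                      # evaluated top to bottom, first match wins
    conntrack: set = field(default_factory=set)   # toy state table of 5-tuples

    def evaluate(self, p: Packet):
        """Return (action, reason). A packet that exactly reverses a tracked
        5-tuple counts as a solicited reply; anything else must hit a rule."""
        reverse = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if reverse in self.conntrack:
            return ("allow", "existing connection")
        for r in self.rules:
            if r.matches(p):
                if r.action == "allow":
                    self.conntrack.add((p.proto, p.src_ip, p.src_port,
                                        p.dst_ip, p.dst_port))
                return (r.action, r.name)
        return ("drop", "implicit deny")


# Constructed sample traffic (assumption): the router/DHCP server is
# 192.168.1.1 on the WAN side of the bridge, the client on the LAN side
# has no address yet, so it broadcasts from 0.0.0.0.
ROUTER_IP = "192.168.1.1"
DISCOVER = Packet("LAN", "WAN", "0.0.0.0", BROADCAST, 68, 67)
OFFER = Packet("WAN", "LAN", ROUTER_IP, BROADCAST, 67, 68)

DEFAULT_LAN_TO_WAN = Rule("Default network LAN to WAN", "LAN", "WAN")


def dhcp_exchange(rules):
    """Run DISCOVER then OFFER through a fresh firewall; return both verdicts."""
    fw = Firewall(list(rules))
    return {"DISCOVER": fw.evaluate(DISCOVER), "OFFER": fw.evaluate(OFFER)}


def default_rule_only():
    # The outbound DISCOVER is already covered by the default rule (so an
    # extra LAN->WAN DHCP rule would never be hit), but the OFFER does not
    # reverse the tracked tuple (broadcast destination vs. unicast router
    # source), so it is unsolicited WAN->LAN traffic and is dropped.
    return dhcp_exchange([DEFAULT_LAN_TO_WAN])


def with_inbound_dhcp_rule(server_ip=ROUTER_IP):
    # Inbound DHCP rule limited to one source address, the narrow allow the
    # thread describes; a wrong server address leaves the OFFER blocked.
    inbound = Rule("DHCP inbound", "WAN", "LAN", src_ip=server_ip, dst_port=68)
    return dhcp_exchange([DEFAULT_LAN_TO_WAN, inbound])


if __name__ == "__main__":
    cases = [("default rule only", default_rule_only()),
             ("plus inbound DHCP rule", with_inbound_dhcp_rule()),
             ("inbound rule with wrong server IP", with_inbound_dhcp_rule("192.168.1.50"))]
    for label, result in cases:
        print(label)
        for step, (action, reason) in result.items():
            print(f"  {step:8} -> {action:5} ({reason})")
```

The point the model makes visible is that the client's DISCOVER does create state, but the server's OFFER is not the mirror image of that state, so a stateful policy cannot classify it as a reply and it needs its own WAN to LAN allow; restricting that allow to the router's address keeps the exception as small as possible, which is the check to make on any bridge deployment that relies on an upstream DHCP server.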

  • @basantasubedi7476
    @basantasubedi7476 4 years ago

    How can I remove a port from the bridge?

    • @MikeFaucher
      @MikeFaucher 4 years ago

      If you delete the interface, it will break it apart back to independent ports.