At the moment, there is no way to disable/enable an interface inside SFOS.
Strange!Even using CLI menu.
This is a high priority feature, and will likely be targeted as soon as possible after v17 ships, though it is not yet committed to a release.
high priority feature? and nothing happened in 6 years? do not want to imagine what happens with a normal feature request.
Hi Sophos, come on it´s a high priority feature and nothing happens? Serious?
Hi Sophos - this is a very neccessary feature for the XG, even a Fritz!Box can disable a specific LAN port. It would be very great if you can implement this feature in one of the next updates.
Hey Sophos, are you serious? High Priority feature, that hasn´t been included for years? SFOS is still not an alternative to UTM. Sorry guys, that´s really bad, that such a simple thing is not there. Makes migrations difficult. Not a pro Sophos argument here...
Another vote for this. We have several sites with redundant WAN connections, and get flooded with emails if one of them has an issue and flaps up and down. It would be great if we could just disable the interface until the carrier can resolve the issue. This seems like it should be a pretty basic function.
Sophos (Astaro) UTM firewall has advanced featured that the XG seems that it lack like being to disable the VLAN interfaces, disabling additional addresses on external interfaces or the so called Alias on XG. The ability to change the interface to be strictly a vlan interface or and Ethernet interface like on the UTM which is not a mixed breed interface like the XG. Seems that technology in one product is not to be able to be integrated into a so called better product XG and then try to get people to migrate to it .
"High priority feature" he said. "as soon as possible after v17 ships" he said...
Wow 3 years later and v18 is out and still a problem. Here is a scenario happened to me on 3 XG 125 devices. You sign in to the Sophos device via the WAN interface and delete the LAN bridge and good bye you cannot access the device anymore, you have to factory reset the device. Tried the CLI command up/down interface assigning IP but sad story none works.. Good on you Sophos :S
Antonio Cienfuegos commented
Yes but its not permanente and its not supported. If somehow the XG reboots because of a failure or anyother reason, the interface will come up again.
ain't this already possible by using ifconfig <interface> down/up command?
please put on the roadmap!
This is in an other Request: https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/10615068-enable-disable-interface
Phil Brett commented
Additionally "Alias" enable/disable would be ideal as it is supported in UTM as well as interface enable/disable. This allows for preconfiguration of all Webserver and NAT policies when configured alongside UTM (or other firewall) ready for transition to XG.
Mohammed Elglaind commented
any update ?
This has been an issue since 2015?! Wow...
We migrated from fortigate to sophos due to cost and now we understand what we are missing
The ports under network must be able to disable or switch administratively up/down will be a added advantage.
Is there still no way to release and renew the WAN IP? many ISP's periodically refresh the IP assigned and, in my case, the appliance will not release the old IP and it is essentially causes the interface to appear as failed.
I simple poke to the INT port would be enough to tell if the port was down and then cause it to do an DHCP renew.
anything would be better than what is currently in place