Sophos Ideas / XG Firewall

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

← XG Firewall

Allow interface port to be configured with just vlans

As it is right now you must assign an ip address to an interface and then add vlans. doesn't allow you to just assign vlans.

281 votes
Sign in
(thinking…)
Sign in with: Facebook Google Sophos ID New Sophos ID
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Chase Hansen shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

25 comments

Sign in
(thinking…)
Sign in with: Facebook Google Sophos ID New Sophos ID
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • GAVIN commented  ·   ·  Flag as inappropriate

    Hi. This appears to have been addressed in V18. I am running V18EAP2 presently, and have my Port2 set as unconfigured, and have a Vlan2 on that hardware port set with the PPPOE details of my ISP details

  • PigletJuggler commented  ·   ·  Flag as inappropriate

    I tried working with this product back in April and couldn't believe this was a requirement. I got handed some line about XG using L3 instead of L2 for VLANs... no. You're just being stupid. Do it right. VLANs are L2. L3, where the IP information goes sits on top of that. The physical interface is just that, a physical interface. If I want an IP on a physical interface, I'll assign it an UNTAGGED VLAN. That's how it needs to work with any self-respecting network device.

  • Johan commented  ·   ·  Flag as inappropriate

    It seems the focus is elsewhere. Sigh, no Sophos for me until this is fixed.

  • Joshua commented  ·   ·  Flag as inappropriate

    17.5 is released and it's now 2019 still incapable of this, What is going on Sophos?

    Without features and consideration of such things I'll be moving back to Pfsense in the next month. Its only a few forum posts away to see what other corners you cut right off.

  • Leandro Gregorio commented  ·   ·  Flag as inappropriate

    I'm very disappointed with my transition from Pfsense to Sophos XG Firewall layer 8. Starting with a simple firewall rule creation needing to show me a country list.
    My environment have a lot of Vlans (Servers, Cable network, Corporate Wifi(radius), Guest Wifi, Telefony, CCTV) without this feature I think that a lot of users are going to configuring VLANs and DHCP Relay at the switch port.
    Sophos, feedback to your users are important.

  • Jaco commented  ·   ·  Flag as inappropriate

    +1 This "dummy" IP address also gets added as first remote host entry in ovpn config file when trying to vpn to the underlying VLAN adapter, as it's tagged in the same zone.

  • Computer Concepts commented  ·   ·  Flag as inappropriate

    +1. I made the switch to Sophos from Cisco ASAs over the past couple of years. VLAN tagging has been available on that platform for years. This is extremely disappointing, especially when I see that other users have been making a feature request for over 2 years now.

  • cyberzeus commented  ·   ·  Flag as inappropriate

    +1 - IP and L2 services should be orthogonal and not be tied to one another. Furthermore, one can - and often does - use L2 and not need L3 services and vice-versa...never a good idea to tie these together as it limits the possible configs AND provides no benefit...

  • Ian Rogers commented  ·   ·  Flag as inappropriate

    As an extension/byproduct of this allow VLANs on an interface to be configured with IPv4 / IPv6 addresses regardless of if the main interface has them assigned.

    Currently to assign an IPv6 Address to a VLAN, the interface must also have an IPv6 Address

  • James Gillies commented  ·   ·  Flag as inappropriate

    Totally agree with this request. I have been able to do this for years in UTM, create an Ethernet VLAN sub-interface on my (Internal) trunked Interface and away you go - no need to create a dummy IP on the interface itself just to appease the UI logic.

  • Rob Grafton commented  ·   ·  Flag as inappropriate

    This is certainly needed, it is present on the Cyberoam OS, Drayteks, sonicwalls and pretty much everything else it just seems backwards that we need to create a physical port (that does not work) then another wan port on top of that.

  • Bill Roland commented  ·   ·  Flag as inappropriate

    I was baffled to see VLAN tagging is missing, but even Meraki in their woefully simple firewalls allows it.

  • lferrara commented  ·   ·  Flag as inappropriate

    Even VLAN Tagging is missing as wanhafizi wrote. Needed VLAN layer 2 and VLAN TAG per interface.

← Previous 1

XG Firewall: Base System + General UI

Categories

Feedback and Knowledge Base

(thinking…)
icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.