Sophos Ideas / XG Firewall

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

← XG Firewall

Allow interface port to be configured with just vlans

As it is right now you must assign an ip address to an interface and then add vlans. doesn't allow you to just assign vlans.

273 votes
Sign in
(thinking…)
Sign in with: Facebook Google Sophos Features & Ideas Laboratory
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Chase Hansen shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

22 comments

Sign in
(thinking…)
Sign in with: Facebook Google Sophos Features & Ideas Laboratory
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Johan commented  ·   ·  Flag as inappropriate

    It seems the focus is elsewhere. Sigh, no Sophos for me until this is fixed.

  • Joshua commented  ·   ·  Flag as inappropriate

    17.5 is released and it's now 2019 still incapable of this, What is going on Sophos?

    Without features and consideration of such things I'll be moving back to Pfsense in the next month. Its only a few forum posts away to see what other corners you cut right off.

  • Leandro Gregorio commented  ·   ·  Flag as inappropriate

    I'm very disappointed with my transition from Pfsense to Sophos XG Firewall layer 8. Starting with a simple firewall rule creation needing to show me a country list.
    My environment have a lot of Vlans (Servers, Cable network, Corporate Wifi(radius), Guest Wifi, Telefony, CCTV) without this feature I think that a lot of users are going to configuring VLANs and DHCP Relay at the switch port.
    Sophos, feedback to your users are important.

  • Jaco commented  ·   ·  Flag as inappropriate

    +1 This "dummy" IP address also gets added as first remote host entry in ovpn config file when trying to vpn to the underlying VLAN adapter, as it's tagged in the same zone.

  • Computer Concepts commented  ·   ·  Flag as inappropriate

    +1. I made the switch to Sophos from Cisco ASAs over the past couple of years. VLAN tagging has been available on that platform for years. This is extremely disappointing, especially when I see that other users have been making a feature request for over 2 years now.

  • cyberzeus commented  ·   ·  Flag as inappropriate

    +1 - IP and L2 services should be orthogonal and not be tied to one another. Furthermore, one can - and often does - use L2 and not need L3 services and vice-versa...never a good idea to tie these together as it limits the possible configs AND provides no benefit...

  • Ian Rogers commented  ·   ·  Flag as inappropriate

    As an extension/byproduct of this allow VLANs on an interface to be configured with IPv4 / IPv6 addresses regardless of if the main interface has them assigned.

    Currently to assign an IPv6 Address to a VLAN, the interface must also have an IPv6 Address

  • James Gillies commented  ·   ·  Flag as inappropriate

    Totally agree with this request. I have been able to do this for years in UTM, create an Ethernet VLAN sub-interface on my (Internal) trunked Interface and away you go - no need to create a dummy IP on the interface itself just to appease the UI logic.

  • Rob Grafton commented  ·   ·  Flag as inappropriate

    This is certainly needed, it is present on the Cyberoam OS, Drayteks, sonicwalls and pretty much everything else it just seems backwards that we need to create a physical port (that does not work) then another wan port on top of that.

  • Bill Roland commented  ·   ·  Flag as inappropriate

    I was baffled to see VLAN tagging is missing, but even Meraki in their woefully simple firewalls allows it.

  • lferrara commented  ·   ·  Flag as inappropriate

    Even VLAN Tagging is missing as wanhafizi wrote. Needed VLAN layer 2 and VLAN TAG per interface.

  • David Rudduck commented  ·   ·  Flag as inappropriate

    We have a number of scenarios were this is required. For the interim we've had to assign a dummy IP address to the main NIC, just so we can add VLANs.

← Previous 1

XG Firewall: Base System + General UI

Categories

Feedback and Knowledge Base

(thinking…)
icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.