Allow VLANs to be added to a bridge
This function was available in UTM 9, but it's missing in the new XG Firewalls. I should be able to create a new VLAN and add it to a bridge so that it spans multiple physical interfaces. As it is right now, a new VLAN can only be added to a single physical port.
In SFOS version 18 it is possible to set a VLAN virtual interface on a pre-existing bridge group.
Find out about the early access program for V18 here: https://events.sophos.com/v18eap
Toby Turner commented
@Sophos is there any update on when this feature will be applied?
Pauli Visuri commented
This should be implemented on Sophos XG ASAP!
If I knew this feature was not implemented in XG, I would have purchased something else. As it is now, I have to either redesign my network or ask for a refund.
A P commented
It's 2019 and this feature request is THREE YEARS OLD.
Why this is not a feature truly boggles my mind. Basic stuff here, fix it!
Was planning a network assuming this was already a feature. After all, why wouldn't it be? Competitors can already do it, why wouldn't Sophos? I'm in the same situation as Mark, two core switches and wanting a redundant network, but need to support VLANs. Looking through the options, not seeing it. Guess I'll give a search on how to do so -- only to find out what should be a pretty standard feature is missing. And has been requested for over 2 years and nothing.
I am changing to Sophos XG in a campus environment; due to this feature I have to redesign the network to use it in a different way.
Eric Francoeur commented
Plus 1 vote for this
I agree completely. Please fix this. This is very limiting, a waste of time, and frustrating. We just bought a bunch of XG firewalls to replace our UTMs. It now feels like we are going backward. And now I am going to have to rethink network topologies because of these limitations. Switch stacks with dual lines for redundancy. Small satellite offices that use a bridge port for a WAP that broadcasts the main network and a guest SSID. Also, making us delete the interface to change the type, which causes you to lose configurations tied to that interface like DHCP scopes, firewall rules, or other, is terrible. How to create more work for everyone.
I spent about 4 hours redoing the network because of this limitation. This is basic stuff! Please, please implement this.
VLAN should be independent from interfaces, and applied to those they should be used on.
Patrick Smalley commented
I can easily do this on a SonicWall, Cisco, and others all without having to tear down interface rules if I have to delete and recreate the interface.
Knowing this is an issue somewhat kills the versatility of the Sophos product. I have a customer who now has a bridged interface that wants VLANs. Now I have to eat a whole bunch of time in tearing that out, recreating the interfaces and all of the rules that they have just to do that.
John Woodall commented
This is a major miss by Sophos. Other competing products have done this for a decade.
Derek Froese commented
This screwed me up the other day. I had to redesign the client's network on the fly because of this limitation. The Fortinet I replaced could do this no problem.
This is definitely a much needed feature.
I have two core switches, and would like both to be connected to the XG on the same subnet with the ability to have VLANs passed.