We do have both of those rules in place and we pretty much took everything that is there after the initial setup and replicated it for each of the vlans/subnets.

do you have a firewall-rule with “Network A” -any-> “Internet IPv4” and do you have the NAT rule “Network A” -> “WAN-Interface”?

Hopefully I’m not to late to the party here but my best friend and I are new to Sophos and have been instead running pfSense for a while now. We have been trying to transfer our networks over to Sophos as it seems like it should be A. Easier to configure/manage and B. A more Feature rich environment.

Now in our networks in our houses we are running our own Active Directory with DNS, DHCP, Exchange,Web Server and a couple of other things thrown in there all virtualized using VMware ESXI and connected to a Cisco 3750 Layer 3 Switch along with our Access Points and the rest of the computers. Now throughout the network we have 7 different VLANs (none of which are vlan1) that are all being intervlan routed by the switch as its a layer 3 switch.

The problem that we’re running into is while all the VLAN’s are able to see the Sophos UTM, their not able to get through the UTM to the internet.

Any help is greatly appreciated.

I used same VLAN numbers 10 and 20, same ip addresses as well. For the switch ports to be connected by other computers, i set native vlan 1 and allowed vlans 10 and 20 as I intend only to connect vlan 10 and 20.

Virtual Box is a client VM-Tol like VMware Workstation, and i think there might be some limitations.

I’m planning to have it tested on an actual Sophos UTM device probably by next week. I’ll try to see if my current configs work, it would probably be that Virtual Box is not ideal as a testing VM.

Hi Emman,

the Cisco Switch has the default native vlan 1. I don’t know your VLAN numbers for marketing and sales. If you have vlan 10 and 20 you need to configure the switch like this:

interface GigabitEthernet 0/x
switchmode mode trunk
switchport trunk native vlan 1
switchport trunk allowed vlan 10

or you want to tag vlan 10 and 20:

interface GigabitEthernet 0/x
switchmode mode trunk
switchport trunk native vlan 1
switchport trunk allowed vlan 10 20

if you want to tag vlan 1 you can change the native vlan to a number that doesn’t exist as a VLAN.

I think your problem isn’t the Sophos UTM. Try to configure networks in virtual box (interface 1 = vlan tag 10, interface 2 = vlan tag 20)
and than you configure eth0 with marketing address and eth1 with sales address (no vlan tagging in Sophos UTM). How are you using virtual box? Is it on a linux machine or a windows machine? Virtual Box is a client VM-Tool like VMware Workstation or not?

In a vmware ESX server you just need to configure another vswitch with a vlan tag.

Yes it won’t show up with “Ethernet-Standard” but with “Ethernet-VLAN”, just change the type of the interface.

I’m new to Sophos UTM and did the same set up as above as testing. the difference is I am not connecting to the internet. What I wish to achieve is to connect the Marketing and Sales VLAN’s. But unfortunately was not able to succeed.

I am using the utm on virtual box. and connect to catalyst 3650 switch.
I have 2 nics on my host and works as bridge on the vbox sophos utm.
I had 1st nic to serve as eth0 – internal network
then 2nd nic to serve as eth1 – where I set the Ethernet VLANS (on your example this is eth3)

hope to have some advice regarding my set up.

Bought a cheap NETGEAR DS104 hub off ebay and hooked up a laptop and used NST Live CD and wireshark to figure it out. Also hooked it up after the switch and verified the VLAN tags. Quite interesting seeing the raw packets. (For a home network newbie anyway!)

Now got to sort out a VPN connection, keep me busy a bit longer…

Hi Ian :)

the Unitymedia Interface is my provider, so it is the “WAN” interface. The configured interface with VLAN tag is called “MyNetwork (Network)”, it is a auto-generated non-deletable definition and yes, I just add it to the web protection networks.