Based on F/W version SFOS 16.01.1
Setup using XG115W



Create a temporary Interface for access


When you create a Bridge interface you will lose access to the ports you add to the Bridge, In order to still allow configuration you need to use one of the unused ports as a local network for configuration.


Create a new network

* From “Configure, Network” menu on the left select Port3 (or Port4)

* Configure the “Network Zone” as DMZ

* Setup an IP Address & Network Mask


blob1477619830818.png


* Select the DHCP Tab at the top of the same screen

* Add a new DHCP Server

* Select the Port you configured in the previous step as the Interface

* Add a start and end IP Address for the DHCP Pool

* Check “Use Interface IP as Gateway”

* Enable “Conflict Detection”


blob1477619851614.png


Connect to the new interface, make sure your device gets an IP Address and that you can access the Web Management interface of the Sophos XG firewall.



Configure the Bridge Interface


Now we will add the LAN port (Port1) and Wireless Interface (SOPHOS) to a Bridge and assign a DHCP server to the Bridge. Once completed we will setup an outgoing Firewall rule to allow internet access from the Bridge segment.


Create a new Network Interface

* From “Configure, Network” menu on the left click “Add Interface”

* Select “Add Bridge”

* Type in a name for the new Bridge

* Under Member Interfaces select the Interfaces you require and select the Zone

(for our example we are using Port1 & Sophos, both will be in the LAN Zone)

* Add an IP Address that will be the Default Gateway address for the Bridge network

* Click Save


blob1477619872437.png


As with the earlier step create a DHCP Server for the new Bridge Interface


blob1477619883919.png


Now we add a Firewall rule that allows traffic from the Bridge interface to anywhere.

* From “Protect, Firewall” menu on the left

* Click “Add Firewall Rule”

* Select “User / Network Rule”

* Add a name and description for the rule

* Select the “Source Zone” as you set in the Bridges Member Port / Zone field

*Leave the remainder of Source / Destination fields as “Any”


blob1477619901080.png


* Under “NAT & Routing” select “Rewrite source address (Masquerading)

* “Use Outbound Address” should be “MASQ”

* “Primary Gateway” should be set as your default Internet gateway (Port2 by default)


blob1477619915649.png


Configure Wireless Settings


Now simply configure the required wireless settings for the Sophos Wireless Network

* From “Protect, Wireless, Wireless Networks”

* Add SSID

* Set the security mode required & PSK

* Set “Client Traffic” to “Bridge to AP LAN”


blob1477619936586.png


You should now be able to connect to the LAN or wireless segment, get an IP Address from the Bridge interface and browse the Internet.