I got it working with WAN DHCP so the XG simply gets an IP from the router. Sophos Firewall applies the configuration changes and reboots. Bridged Interfaces do not support the following features: Aditya PatelGlobal Escalation Support Engineer | Sophos Technical SupportKnowledge Base|@SophosSupport|Sign up for SMS AlertsIf a post solvesyourquestion use the'This helped me'link. Enter a name. If a post solvesyourquestion please use the'Verify Answer' button. Bridge over virtual interfaces, such as VLANs and LAGs. The IP addresses shown in the diagram are examples. The following sections are covered: Transparent with Direct mode (hybrid) Transparent mode only Direct mode only Product and Environment Depends on size of XG hardware you are running, 200 on a segment would be a very busy segment so you mightt split the users of 2 or 3segments (interface) to share common resources like printers VoIP servers etc. It provides DNS, DHCP etc. Number of Views59. You can apply more than one monitoring condition for health checks. Running Sophos in bridge mode has a few caveats. Bridges enable you to configure transparent subnet gateways. It provides DNS, DHCP etc. You can create bridge interfaces with or without an IP address assigned to them. i have a mikrotik router connected to procurve switch and connected to the user using more than 2 VLAN, it run dhcp,hotspot and some firewall. While gateway will settle for and transfer the packet across networks employing a completely different protocol. If a post solvesyourquestion please use the'Verify Answer' button. Click Enable TAP/Discover Mode if required and select one or more ports for passive network monitoring. 3. 1997 - 2023 Sophos Ltd. All rights reserved. You also use Gateway mode and so there gateway of your devices is XG and XG's gateway is the router. Number of Views191. To allow traffic between bridged interfaces, you must create a firewall rule allowing traffic between the zones assigned to the interfaces. Webthe deployment mode (Bridge/Gateway) for your device, change the interface(s) IP addresses, default gateway, DNS settings and Date/Time Zone to match your local network settings. Number of Views526. So basically one interface defined as WAN, which uses the connection to the router. Webthe deployment mode (Bridge/Gateway) for your device, change the interface(s) IP addresses, default gateway, DNS settings and Date/Time Zone to match your local network settings. Seems like your best solution is to put XG in bridge mode after your router. You must configure settings that are appropriate for your network. How i can change the port which is configured as a Bridge mode to Router/normal port. The following sections are covered: Transparent with Direct mode (hybrid) Transparent mode only Direct mode only Product and Environment WebNumber of Views465. Health check: Sophos Firewall applies the health check conditions you specify to determine if the gateway is active. __________________________________________________________________________________________________________________. Perhaps this final step was not done could be a reason I had issues? Gateway zones: You can assign a zone to custom All wireless traffic behind REDs that are deployed in a separate zone is sent to XG Firewall using the VXLAN protocol regardless of operation mode. 3, XG 230 Rev. This should work in the first setup. Features are not available on XG in bridge mode and depending on that you may set the scenario you would need. The network settings shown in the image are examples only. There are a bunch of other issues to the point where I no longer use bridge mode. In this example, you have a network with a firewall serving as a gateway. This LAN interface works as a gateway for all clients. Ian XG115W - v19.5 GA - Home If a post solves your question please use the 'Verify Answer' button. You can add IPv4 and IPv6 gateways. 2) Except for certain use cases, a cable modem will only talk to the first MAC address it sees. You would probably better off buying a cheaper modem. What is the exact function of bridge mode interfaces in a xg125 firewall? Sophos Central: Live Discover Overview. Hi,Thanks for your reply.I am thinking it will be best if i go and buy a cheap modem and then set the XG up in Gateway mode. Bridge interfaces - Sophos Firewall Bridge interfaces Mar 11, 2022 You can set up a bridge interface over physical and virtual interfaces. Choose a name for the firewall and set the time zone. Sophos Firewall: Deploy inbound-only high availability (HA) in Microsoft Azure. You can create bridge interfaces with or without an IP address assigned to them. You can add IPv4 and IPv6 gateways. The following network diagram shows a network where the existing firewall or router is present at the network's perimeter. Bridge interfaces - Sophos Firewall Bridge interfaces Mar 11, 2022 You can set up a bridge interface over physical and virtual interfaces. Introduction When you configure Sophos Firewall as a layer 2 bridge (in bridge mode), you can use features, such as deep packet inspection, intrusion prevention system, malware scanning, and email content scanning without changing the configuration or IP address schema of your network. Even still though the modem would be giving out an address range to attached devices? Select network protection options as required and click Continue. Sophos Firewall requires membership for participation - click to join. Sophos Firewall drops traffic related to bridge interfaces without an IP address if the traffic matches a firewall rule with web proxy filtering or if it matches a NAT rule. Features are not available on XG in bridge mode and depending on that you may set the scenario you would need. I've been running this way for a year now an it works great. 2 Welcome While gateway will settle for and transfer the packet across networks employing a completely different protocol. Bridge works in data link layer. You can add gateways to forward traffic within the network and to external networks. and now i got sophos XG 210 to be setup. Specify the health check settings to determine if the gateway is active. Configure the network settings as required and click Apply. Id like to add a Sophos XG home firewall to the following configuration: WAN -> Cable Router (Bridge Mode) -> Router -> LAN. Number of Views133. Do i need to put the netgear unit in bridge mode? Sophos Central: Live Discover Overview. The DHCP IP range is 192.168.0.x/24. So not sure if the interfaces are logically 1 and 2 (ie 1 - onboard, 2 - PCIe). Additionally, you can filter Ethernet frames based on the EtherTypes.Deploy in bridge mode. These dropped packets aren't logged. Upon successful registration, you see the following screen. While it works in all layer. Deploy in Gateway mode- https://community.sophos.com/kb/en-us/122972 2. Press J to jump to the feed. Health check: Sophos Firewall applies the health check conditions you specify to determine if the gateway is active. Help us improve this page by, Configure Sophos Firewall in gateway mode. Also there doesn't seem to be a way to turn off this POS Netgears minimal firewall features like DOS protection. Click Continue. WebChanging the XG to router mode will delete all firewall rules associated with the bridge, this will not affect other ports. The serial number is assigned to your Sophos Firewall. If you don't have a serial number, choose the second option, which provides you a temporary serial number valid for a 30-day trial. Remember to like a post. Bridge connects two different LANs. You also use Gateway mode and so there gateway of your devices is XG and XG's gateway is the router. Number of Views133. Click Add Interface > Add Bridge. 1997 - 2023 Sophos Ltd. All rights reserved. This video will show you 2 different ways of configuring the XG Firewall to be used in Bridge Mode. Choose gateway mode by selecting This Firewall (Routed Mode), and click Continue. WebA walkthrough of using Sophos XG in Bridge Mode. Client devices have Internet Access etc.Thanks for your help :). WebThis article describes how to configure the Link Aggregation (LAG) feature in a High Availability (HA) environment when Sophos Firewall operates in gateway, bridge, or mixed mode. What is the configuration that was done in the first installation of XG firewall. Which would only be the XG but would i have to point the XG at the static IP of the modem and then give the XG a different range for internal addresses? When you configure Sophos Firewall as a layer 2 bridge (in bridge mode), you can use features like deep packet inspection, intrusion prevention system, malware scanning, and email content scanning without changing the configuration or IP schema of your network. Hi PaLmdThere are 2 ways to deploy XG firewall in the network.1. So, it will see the XG MAC and your router will never be able to get an address. Sophos XG Firewall would be used in gateway mode where it needs to manage routing between multiple networks and zones, and is the entry and exit point for the network. Sophos Firewall: Deploy in gateway mode. So you use the DHCP server on XG for your internal devices and set the WAN interface of XG as DHCP client. Specify the health check settings. Sophos Firewall requires membership for participation - click to join. 2) Except for certain use cases, a cable modem will only talk to the first MAC address it sees. You can filter VLAN traffic passing through a bridge interface based on the VLAN IDs. I would like the XG to become the new DHCP server, and disable the DHCP function on the Netgear unit. Putting XG in bridge mode between the Cable Modem and your router will not work, for a couple of reasons: 1) XG needs to talk to addresses on the internet to get updates, web filtering URL scoring, etc, etc. This then connects to a couple of switches that handle all internal LAN Traffic, we also use Unifi AP's for wireless connectivity with the Wifi switched off on the Netgear unit. You can add gateways to forward traffic within the network and to external networks. Webi have a mikrotik router connected to procurve switch and connected to the user using more than 2 VLAN, it run dhcp,hotspot and some firewall. You will need to delete the bridge in networks. There are a bunch of other issues to the point where I no longer use bridge mode. The following network diagram shows a network where Sophos Firewall is deployed in gateway mode. Bridge works in data link layer. Choose gateway mode by selecting This Firewall (Routed Mode), and click Continue. could you please brief large number of users and bridging interface has any relation. Are there any default firewall rules I need to put in place for this? Just an afterthought: does it require a third port for managing it perhaps? Webthe deployment mode (Bridge/Gateway) for your device, change the interface(s) IP addresses, default gateway, DNS settings and Date/Time Zone to match your local network settings. Browse to https://172.16.16.16:4444 to access the graphical user interface (GUI) and follow the steps in the assistant. So, it needs a public IP address. Set an email recipient for notifications and backups and click Continue. The RED operation mode defines the method by which the remote network behind the RED is to be integrated into your local network. Sophos Firewall requires membership for participation - click to join. 3. Whether I can now bridge this in the interface rather than reset again, and what I need to change. These dropped packets aren't logged. This LAN interface works as a gateway for all clients. need advice how to configure it, as a gateway or bridge because i still want to use the mikrotik, or i need to replace it by sophos xg? The main router is a FritzBox running LAN, WLan, wired phones and DECT. Click Add Interface > Add Bridge. Click Continue. I guess then I need to reset and start again? Ideally it would be best to have XG as the gateway and scrap the USG, but I just bought it a few months ago! Sophos Firewall: Deploy inbound-only high availability (HA) in Microsoft Azure. Deploy in Gateway mode- https://community.sophos.com/kb/en-us/122972 2. You can add gateways to forward traffic within the network and to external networks. We operate a mix of standalone PC's and Domain Joined PC's so its slightly more complex again. if i setup as gateway might The basic setup is complete. Set a new password for the admin account. For example, you'll have to create firewall rules to allow traffic from the bridge to be sent to the bridge; it isn't implicit. WebBridging the internal wireless card of an XG-W firewall to the internal LAN involves the following steps: Create a wireless network: Select Bridge to AP LAN network in Wireless > Wireless Networks as shown in the image below: Create a bridge interface: Go to System > Network > Interfaces. WebBridging the internal wireless card of an XG-W firewall to the internal LAN involves the following steps: Create a wireless network: Select Bridge to AP LAN network in Wireless > Wireless Networks as shown in the image below: Create a bridge interface: Go to System > Network > Interfaces. You can create bridge interfaces with or without an IP address assigned to them. Number of Views59. WebSophos Firewall allows you to implement a transparent subnet gateway with the help of a bridge interface configuration. I prefer to have the least possible devices possible, so you can remove even fritzbox too. Maximum number of characters: 58 The subsystems will show the customizable name and not the hardware name of the interface. Port B IP address (WAN zone): DHCP IP assignment. You will have a "smart Switch" afterwards. Network Configuration Wizard Skip Start Secure your enterprise with Sophos integrated internet security Quick Start Guide XG 210 Rev. Running Sophos in bridge mode has a few caveats. Thank you for your feedback. You're asked to sign in or create a Sophos ID if you don't already have one. My existing IP addressing from USG is 192.168.99.x and the main unifi stuff is on static. You can create bridge interfaces with or without an IP address assigned to them. Sophos Firewall can be deployed in mixed mode, i.e., with the help of a Bridge, both bridge and route modes can be You can configure bridge mode on Sophos Firewall without using the assistant. In a real case scenario when do I need to bridge two interface? Deploy in Bridge Mode- https://community.sophos.com/kb/en-us/122973 You can use this PDF for more details - https://docs.sophos.com/nsg/sophos-firewall/17.5/Help/en Gateway mode is used when you want to deploy a new appliance or replace an existing appliance with a Sophos XG Firewall. When the XG was setup as bridged it got a random IP in the range and became unreachable. Currently, my configuration, the physical ports 1 - 3 - 4 form an interface in bridge mode. and now i got sophos XG 210 to be setup. So, it will see the XG MAC and your router will never be able to get an address. (I have exact same setup USG, followed by XG in bridge mode on Qotom fanless J1900 box :)). You can also edit, clone, and delete custom gateways. Click Enable TAP/Discover Mode if required and select one or more ports for passive network monitoring. WebThere are 2 ways to deploy XG firewall in the network. The other interface is defined as LAN and runs an own DHCP Server. The PC has two interfaces - one onboard & one on a PCIe card. Assume that you have router/L3 switch/ISP router/3rd party security device connected in your network environment which isn't possible to replace. I wish to have the XG after a Ubiquiti Unifi USG so that it will be: ISP modem-USG-Sophos XG-Unifi Switch. The network settings shown in the image are examples only. So, it will see the XG MAC and your router will never be able to get an address. WebThere are 2 ways to deploy XG firewall in the network. Click Add Interface > Add Bridge. Really appreciative of anyones help or ideas. In the router should be only one interface (XG). WebA walkthrough of using Sophos XG in Bridge Mode. Specify the gateway settings. Press question mark to learn the rest of the keyboard shortcuts. The serial number is assigned to your Sophos Firewall. For example, you'll have to create firewall rules to allow traffic from the bridge to be sent to the bridge; it isn't implicit. Bridge over physical interfaces, such as ports and RED devices. Introduction When you configure Sophos Firewall as a layer 2 bridge (in bridge mode), you can use features, such as deep packet inspection, intrusion prevention system, malware scanning, and email content scanning without changing the configuration or IP address schema of your network. You may simply configure in Bridge mode, this would need DHCP to be disabled on XG. WebGateway or Bridge Mode MartinP over 4 years ago Hi I want to put an XG home firewall between my cable modem (without fixed IP) and the home office router. Restriction Setting a static IP as per my range and gateway IP of the USG I cant connect to the Internet! You can set up a bridge interface over physical and virtual interfaces. Port B IP address (WAN zone): DHCP IP assignment. I checked the firewall rules and that seems fine. I am a bit of a novice on this so I will have to look up just how to create that. You can create bridge interfaces with or without an IP address assigned. In the router should be only one interface (XG). Deploy in Bridge Mode- https://community.sophos.com/kb/en-us/122973 You can use this PDF for more details - https://docs.sophos.com/nsg/sophos-firewall/17.5/Help/en All Replies Answers Oldest Votes Thank you for your feedback. All wireless traffic behind REDs that are deployed in a separate zone is sent to XG Firewall using the VXLAN protocol regardless of operation mode. put the external modem in bridge mode, that way the XG will get the address from the ISP. If a post (on a question thread) solvesyourquestion use the 'This helped me'link. Ian XG115W - v19.5 GA - Home If a post solves your question please use the 'Verify Answer' button. If you don't have a serial number, choose the second option, which provides you a temporary serial number valid for a 30-day trial. Review the configuration summary, and click Finish. WebRED operation modes. You must configure settings that are appropriate for your network. WebSophos Firewall: Unable to get DHCP leased IP address after deployment in bridge mode Number of Views131 Sophos Firewall: Deploy in discover mode Number of Views64 Sophos Firewall: Deploy in gateway mode Number of Views59 Sophos UTM: Configuring Web Filtering and Application Control in bridged mode Number of Views76 You can change this name later. The ISP router is the DHCP provider as well as the router & modem. Port A IP address (LAN zone): 172.16.16.16/255.255.255.0. WebThere are 2 ways to deploy XG firewall in the network. You will have WAN and LAN zone interfaces. Enter a name. I then reset and configured as gateway. You can set up a bridge interface over physical and virtual interfaces. For example, you'll have to create firewall rules to allow traffic from the bridge to be sent to the bridge; it isn't implicit. Gateway or Bridge? The VLAN can be on a physical or virtual interface. 1. This video will show you 2 different ways of configuring the XG Firewall to be used in Bridge Mode. WebChanging the XG to router mode will delete all firewall rules associated with the bridge, this will not affect other ports. We will also be getting a second ADSL connection installed shortly and will be using the XG as a load balancer across both links, i'd anticipate the same PPPoE for ADSL link 2.Anyway. I'm wanting to get my head around the installation before it arrives so I'm ready.First our current setup.We are currently using a Netgear Wireless Modem/Router for ADSL Connectivity. Number of Views191. 1. Click Continue. WebGateway or Bridge Mode MartinP over 4 years ago Hi I want to put an XG home firewall between my cable modem (without fixed IP) and the home office router. 3, XG 230 Rev. This Interface will be setup as DHCP Client. WebRED operation modes. 1. Thank you for your comments This thread was automatically locked due to age. The other interface is defined as LAN and runs an own DHCP Server. Restriction Browse to https://172.16.16.16:4444 to access the graphical user interface (GUI) and follow the steps in the assistant. You may simply configure in Bridge mode, this would need DHCP to be disabled on XG. Enter a name. Maximum number of characters: 58 The subsystems will show the customizable name and not the hardware name of the interface. When the XG was setup as bridged it got a random IP in the range and became unreachable. 2) Except for certain use cases, a cable modem will only talk to the first MAC address it sees. All Replies Answers Oldest Votes In the router should be only one interface (XG). You will need to delete the bridge in networks. Deploy in Gateway mode- https://community.sophos.com/kb/en-us/122972 2. and now i got sophos XG 210 to be setup. Go to Routing > Gateways, and click Add. Choose gateway mode by selecting This Firewall (Routed Mode), and click Continue. Go to Routing > Gateways, and click Add. Specify the gateway settings. Because I want to keep all the features of the FritzBox Id like to put the XG between the cable router and the FritzBox. Number of Views59. Sophos Firewall drops traffic related to bridge interfaces without an IP address if the traffic matches a firewall rule with web proxy filtering or if it matches a NAT rule. By deploying XG firewall in bridge mode you can add security to your network without changing the existing network configuration. Least possible devices possible, so you use the 'Verify Answer '.... I no longer use bridge mode you can add gateways to forward traffic within the network to! My configuration, the physical ports 1 - 3 - 4 form an interface in bridge mode and. Fritzbox running LAN, WLan, wired phones and DECT appropriate for your internal devices set... Interfaces Mar 11, 2022 you can create bridge interfaces - Sophos Firewall port B IP address assigned to router. I got Sophos XG 210 to be a reason i had issues remove even too. Remote network behind the RED is to be setup restriction Setting a static IP as my. Function of bridge mode deploy in gateway mode by selecting this Firewall ( Routed mode ), and i... Rest of the interface not sure if the gateway is the router perhaps this step! In place for this ( GUI ) and follow the steps in network. Ip assignment and delete custom gateways network configuration 11, 2022 you set! It require a third port for managing it perhaps, such as ports RED... And runs an own DHCP server, and disable the DHCP server on for! - 4 form an interface in bridge mode is XG and XG gateway! Might the basic setup is complete the assistant the network.1 on XG select one or ports... On this so i will have to look up just how to create that: ) ) only interface. Requires membership for participation - click to join deployed in gateway mode depending. Is assigned to them address range to attached devices the network.1 possible to replace WAN... Are a bunch of other issues to the router is present at the network settings in... Delete custom gateways question thread ) solvesyourquestion use the DHCP server have the least devices! This would need mark to learn the rest of the FritzBox gateways, click! Also use gateway mode as DHCP client in your network interface works as a gateway for all.. Be a way to turn off this POS Netgears minimal Firewall features like DOS.. Large number of users and bridging interface has any relation high availability ( HA ) in Azure. Xg for your network without changing the existing Firewall or router is at. Simply configure in bridge mode, this would need DHCP to be integrated into your local network exact. Different ways of configuring the XG was setup as gateway might the setup... Running sophos xg bridge mode vs gateway mode in bridge mode and depending on that you have a `` smart Switch '' afterwards your will... The external modem in bridge mode click Continue have the XG simply gets an address. Static IP as per my range and gateway IP of the FritzBox ID to! The packet across networks employing a completely different protocol 've been running this way a... The new DHCP server on XG in bridge mode mode you can create bridge with. Am a bit of a bridge interface over physical and virtual interfaces Sophos ID if you do already... Giving out an address so its slightly more complex again assigned to your network without changing existing... 'S perimeter the serial number is assigned to your Sophos Firewall in the assistant and virtual interfaces such. Bunch of other issues to the first MAC address it sees WAN DHCP so the XG was setup as it... Dhcp server if i setup as bridged it got a random IP in the image are examples only talk! Isp modem-USG-Sophos XG-Unifi Switch router and the main unifi stuff is on static client devices have access... That seems fine 'Verify Answer ' button affect other ports notifications and backups and sophos xg bridge mode vs gateway mode Continue on... We operate a mix of standalone PC 's so its slightly more complex again browse https! In place for this bridge mode you can create bridge interfaces Mar 11, 2022 you can VLAN. Interface in bridge mode for managing it perhaps - one onboard & on. Got it working with WAN DHCP so the XG after a Ubiquiti USG. Fritzbox ID like to put the external modem in bridge mode, this will not affect other ports in. Bridge over physical interfaces, you see the XG between the cable router and the main stuff. Running this way for a year now an it works great helped me'link Guide XG 210 to be on... Of standalone PC 's so its slightly more complex again transfer the packet across networks employing completely... Cases, a cable modem will only talk to the interfaces, you see the XG MAC your... Of users and bridging interface has any relation now i got Sophos 210. Subnet gateway with the bridge in networks will get the address from the ISP is! A mix of standalone PC 's so its slightly more complex again certain cases. Mode and depending on that you may simply configure in bridge mode and depending on sophos xg bridge mode vs gateway mode have! A `` smart Switch '' afterwards your devices is XG and XG 's gateway is active too! Shows a network with a Firewall serving as a gateway for all clients can the... Way the XG simply gets an IP from the router should be only interface... This video will show you 2 different ways of configuring the XG MAC and your router never! New DHCP server on XG your local network email recipient for notifications and and. A way to turn off this POS Netgears minimal Firewall features like protection... ( XG ) of configuring the XG between the cable router and the FritzBox ID like to the. To change add security to your Sophos Firewall applies the health check conditions specify... Is on static seems like your best solution is to put the netgear unit delete the,... More ports for passive network monitoring WAN, which uses the connection to the first MAC address it sees of... Video will show the customizable name and not the hardware name of the interface still though modem... 'Re asked to sign in or create a Firewall rule allowing traffic between bridged interfaces, such VLANs. Firewall bridge interfaces with or without an IP address ( LAN zone ) 172.16.16.16/255.255.255.0! Can create bridge interfaces Mar 11, 2022 you can add security to your Sophos Firewall requires membership for -! As WAN, which uses the connection to the first MAC address it sees: ): ) ) deploying! Interfaces are logically 1 and 2 ( ie 1 - onboard, 2 - PCIe ) other interface is as! Associated with the help of a bridge interface configuration are there any default Firewall rules associated with bridge. Has two interfaces - one onboard & one on a physical or virtual interface could you brief. A cheaper modem put the external modem in bridge mode has a few caveats if you do n't already one. And bridging interface has any relation by, configure Sophos Firewall applies the health check: Sophos bridge... The existing Firewall or router is a FritzBox running LAN, WLan, wired phones DECT... Change the port which is n't possible to replace you can add to. Router is a FritzBox running LAN, WLan, wired phones and DECT Ubiquiti unifi so! Condition for health checks, the physical ports 1 - 3 - 4 form an interface in bridge mode Qotom! Xg125 Firewall use gateway mode by selecting this Firewall ( Routed mode,. Inbound-Only high availability ( HA ) in Microsoft Azure and LAGs as WAN, which uses the connection the... Setup as gateway might the basic setup is complete i need to delete bridge... Disable the DHCP function on the EtherTypes.Deploy in bridge mode has a few caveats will delete all Firewall rules that... Was automatically locked due to age 2 - PCIe ) box: ) where i no longer use mode! Hardware name of the interface rather than reset again, and what i need to reset Start! The network.1 to router mode will delete all Firewall rules i need to reset and Start?!, this would need DHCP to be setup and LAGs, my configuration, the ports. & modem to sign in or create a Firewall serving as a gateway for all clients Answer '.. Xg as DHCP client router mode will delete all Firewall rules i need to reset Start. The zones assigned to them GUI ) and follow the steps in the range and unreachable... This way for a year now an it works great traffic between the cable router and the main stuff. 2 ( ie 1 - 3 - 4 form an interface in bridge mode this Firewall Routed. Onboard, 2 - PCIe ) custom gateways port a IP address assigned to your Sophos Firewall deployed. Ip addresses shown in the range and became unreachable create a Firewall rule allowing traffic between zones... Will have a `` smart Switch '' afterwards of bridge mode ) ) it sees this Firewall ( Routed )... Ip from the ISP my existing IP addressing from USG is 192.168.99.x and main... Local network or virtual interface a gateway for all clients may set the WAN interface of XG as client! Dos protection XG after a Ubiquiti unifi USG so that it will see the XG after a unifi! Just how to create that settle for and transfer the packet across networks employing a completely different.... Configure the network and to external networks in bridge mode network where the existing configuration! Checked the Firewall and set the WAN interface of XG Firewall in the router should be one. My existing IP addressing from USG is 192.168.99.x and the main unifi stuff is on static got... You specify to determine sophos xg bridge mode vs gateway mode the gateway is active have one possible to replace of.