Deploy Sophos Firewall in bridge mode
When you deploy Sophos Firewall in bridge mode, you can add security to your network without changing the existing configuration.
Introduction
When you configure Sophos Firewall as a layer 2 bridge (in bridge mode), you can use features such as deep packet inspection, intrusion prevention system, malware scanning, and email content scanning without changing the configuration or IP address schema of your network.
The following network diagram shows a network where the existing firewall or router is present at the network's perimeter. Sophos Firewall is deployed in bridge mode.
Note
The IP addresses shown in the diagram are examples. Your network may be different.
Bridge mode deployment
Sophos Firewall is shipped with the following default configuration:
- Port A IP address (LAN zone): 172.16.16.16/255.255.255.0.
- Port B IP address (WAN zone): DHCP IP assignment.
Connect port A of Sophos Firewall to an endpoint computer's Ethernet interface and set the endpoint computer's IP address to 172.16.16.2/24. Browse to https://172.16.16.16:4444 to access the graphical user interface (GUI) and follow the steps in the assistant.
Configure Sophos Firewall in bridge mode
- Select Click to begin.
- Set a new password for the admin account.
- If required, click Manual configuration.
- Configure the network settings as required and click Apply.
  Note
  The network settings shown in the image are examples only. You must configure settings that are appropriate for your network.
- Click OK.
- Click Continue.
- Choose a name for the firewall and set the time zone.
- Register your firewall.
  - If you have a serial number, choose the first option and enter your serial number.
  - If you don't have a serial number, choose the second option, which provides you a temporary serial number valid for a 30-day trial.
- Sign in or create a Sophos Central account.
  If you selected a 30-day trial, select a licensing option and click Claim firewall.
  The serial number is assigned to your Sophos Firewall.
- Click Continue.
- Choose bridge mode by selecting Internet gateway (Bridge Mode), and click Continue.
- Select network protection options as required and click Continue.
- Set an email recipient for notifications and backups and click Continue.
- Review the configuration summary, and click Finish.
  Sophos Firewall applies the configuration changes and reboots.
Additional information
When you configure Sophos Firewall in bridge mode, it forwards packets such as Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and multicast routing.
We support High Availability (HA) on bridge interfaces when you deploy Sophos Firewall in bridge mode using the assistant. However, if you run the assistant after you've configured HA, HA is turned off.
You can configure bridge mode on Sophos Firewall without using the assistant. You can set up a bridge interface over physical and virtual interfaces. See Add a bridge interface.