Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/19.5/Help/en-us/webhelp/onlinehelp/index.html?contextId=network-interfaces-breakout

Breakout interfaces

You can break out high-speed interfaces on some XGS Series appliances into two or more interfaces of lower speeds. This enables them to connect with lower-speed ports in other network devices. You can also break out high-speed interfaces configured using FleXi modules.

Support for breakout interfaces

Sophos Firewall supports breakout interfaces on the following XGS Series appliances:

Appliances Fixed interfaces

FleXi module

(AMDA0112-0001)

 Supported configuration
XGS 8500

100 Gbps

(Ports F13 and F14)

 40 Gbps

Two breakout interfaces: 2 x 50 Gbps

Four breakout interfaces: 4 x 25 Gbps, 4 x 10 Gbps, 4 x 1 Gbps
XGS 7500

40 Gbps

(Ports F13 and F14)

 40 Gbps

Four breakout interfaces: 4 x 25 Gbps, 4 x 10 Gbps, 4 x 1 Gbps

Note that you can breakout this 40 Gbps port into 4 ports of 25 Gbps speeds each to get a total of 100 Gbps throughput.

XGS 6500

XGS 5500

 Not supported 40 Gbps Four breakout interfaces: 4 x 10 Gbps, 4 x 1 Gbps

Note

For breakout ports, make sure you use the AMDA0112-0001 FleXi module on the supported XGS Series appliances.

See Sophos and third-party transceivers/SFPs compatibility list for a list of transceivers and cables compatible with the firewall.

How breakout interfaces work

Here's how breakout interfaces work in the following scenarios:

General

  • You must restart the firewall for the breakout configuration changes to take effect. The Interfaces page shows an alert message to restart the firewall.
  • If you change the breakout configuration of an interface and revert it, you don't need to restart the firewall.

FleXi modules

If you break out a FleXi module interface and remove the FleXi module, the firewall deletes the member interfaces. The Interfaces page shows the source interface's status as Not Available. If you install the FleXi module again, you must break out the interface and restart the firewall.

Migration

  • The breakout configuration is available when you upgrade, downgrade, or rollback to a different SFOS version. Downgrades and rollbacks must be to a version that supports breakout.

  • If you downgrade or rollback to a version where breakout wasn't configured, you can see the configuration on the web admin console, but the breakout source and member interfaces don't function. You can do as follows:

    • Break out the source interface again. You don't need to restart the firewall because the member interfaces are already present.
    • If you don't want the breakout configuration, delete it and restart the firewall.

Factory reset

If you break out an interface and reset the appliance to its factory default settings, the breakout configuration is deleted, and the source interface is shown as Available.

Backup and restore

  • You can only restore the breakout configuration on supported SFOS versions and appliances.
  • You can't restore a breakout configuration to an appliance that doesn't support breakout or has a different breakout configuration on the same interface.
  • You can't restore a backup that doesn't have a breakout configuration on an appliance that has a breakout configuration.

Import and export

You can only import breakout configurations to supported SFOS versions and appliances.

High availability

  • In a high availability (HA) cluster, the breakout configuration on the primary appliance is synchronized to the auxiliary. Breakout configuration on the auxiliary is deleted during synchronization if the primary doesn't have the configuration. Restart the auxiliary appliance to apply the configuration on it.
  • If you configure breakout on the primary node, restart both nodes to apply the configuration.
  • If you turn off HA when you've configured breakout as administrative or dedicated interfaces, the breakout configuration of the source interface is kept intact on the auxiliary appliance.
  • You can't restore a backup that doesn't have breakout configuration on HA devices that have a breakout configuration.
  • If you select a breakout interface as a Dedicated HA link and it's connected to a network device, such as a switch, after initiating HA, you must go to Network > Interfaces and make sure the interface's Port settings match those of the switch.