Deploy Sophos Firewall in bridge mode
When you deploy Sophos Firewall in bridge mode, you can add security to your network without changing the existing configuration.
When you configure Sophos Firewall as a layer 2 bridge (in bridge mode), you can use features, such as deep packet inspection, intrusion prevention system, malware scanning, and email content scanning without changing the configuration or IP address schema of your network.
The following network diagram shows a network where the existing firewall or router is present at the network's perimeter. Sophos Firewall is deployed in bridge mode.
The IP addresses shown in the diagram are examples. Your network may be different.
Bridge mode deployment
Sophos Firewall is shipped with the following default configuration:
- Port A IP address (LAN zone): 172.16.16.16/255.255.255.0.
- Port B IP address (WAN zone): DHCP IP assignment.
Connect port A of Sophos Firewall to an endpoint computer's Ethernet interface and set the endpoint computer's IP address to
172.16.16.2/24. Browse to
https://172.16.16.16:4444 to access the graphical user interface (GUI) and follow the steps in the assistant.
Configure Sophos Firewall in bridge mode
Select Click to begin.
Set a new password for the admin account.
If required, click Manual configuration.
Choose a name for the firewall and set the time zone.
Register your firewall.
Sign in or create a Sophos Central account.
If you selected a 30-day trial, select a licensing option and click Claim firewall.
The serial number is assigned to your Sophos Firewall.
Choose bridge mode by selecting Internet gateway (Bridge Mode), and click Continue.
Select network protection options as required and click Continue.
Set an email recipient for notifications and backups and click Continue.
Review the configuration summary, and click Finish.
Sophos Firewall applies the configuration changes and reboots.
When you configure Sophos Firewall in bridge mode, it forwards packets such as Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and multicast routing.
We support High Availability (HA) on bridge interfaces when you deploy Sophos Firewall in bridge mode using the assistant. However, if you run the assistant after you've configured HA, HA is turned off.
You can configure bridge mode on Sophos Firewall without using the assistant. You can set up a bridge interface over physical and virtual interfaces. See Add a bridge interface.