Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/20.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=network-interfaces-breakout

Breakout interfaces

You can break out high-speed interfaces on some XGS Series appliances into two or more interfaces of lower speeds. This enables them to connect with lower-speed ports in other network devices. You can also break out high-speed interfaces configured using FleXi modules.

Support for breakout interfaces

Sophos Firewall supports breakout interfaces on the following XGS Series appliances:

Appliances Fixed interfaces

FleXi module

(AMDA0112-0001)

 Supported configuration
XGS 8500

100 Gbps

(Ports F13 and F14)

 40 Gbps

Two breakout interfaces: 2 x 50 Gbps

Four breakout interfaces: 4 x 25 Gbps, 4 x 10 Gbps, 4 x 1 Gbps
XGS 7500

40 Gbps

(Ports F13 and F14)

 40 Gbps

Four breakout interfaces: 4 x 25 Gbps, 4 x 10 Gbps, 4 x 1 Gbps

Note that you can breakout this 40 Gbps port into 4 ports of 25 Gbps speeds each to get a total of 100 Gbps throughput.

XGS 6500

XGS 5500

 Not supported 40 Gbps Four breakout interfaces: 4 x 10 Gbps, 4 x 1 Gbps

Note

For breakout ports, make sure you use the AMDA0112-0001 FleXi module on the supported XGS Series appliances.

See Sophos and third-party transceivers/SFPs compatibility list for a list of transceivers and cables compatible with the firewall.

How breakout interfaces work

Here's how breakout interfaces work in the following scenarios:

General

  • You must restart the firewall for the breakout configuration changes to take effect. The Interfaces page shows an alert message to restart the firewall.
  • If you change the breakout configuration of an interface and revert it, you don't need to restart the firewall.

For more information about breakout interfaces in a high availability cluster, see Interface requirements.

FleXi modules

If you break out a FleXi module interface and remove the FleXi module, the firewall deletes the member interfaces. The Interfaces page shows the source interface's status as Not Available. If you install the FleXi module again, you must break out the interface and restart the firewall.

Migration

  • The breakout configuration is available when you upgrade, downgrade, or rollback to a different SFOS version. Downgrades and rollbacks must be to a version that supports breakout.

  • If you downgrade or rollback to a version where breakout wasn't configured, you can see the configuration on the web admin console, but the breakout source and member interfaces don't function. You can do as follows:

    • Break out the source interface again. You don't need to restart the firewall because the member interfaces are already present.
    • If you don't want the breakout configuration, delete it and restart the firewall.

Factory reset

If you break out an interface and reset the appliance to its factory default settings, the breakout configuration is deleted, and the source interface is shown as Available.

Backup and restore

For 20.0 MR2 and later, see Breakout port.

For 20.0 MR1 and earlier, see Breakout port.

Import and export

You can only import breakout configurations to supported SFOS versions and appliances.