The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025.

Configure inter-VLAN routing

VLANs are isolated broadcast domains, so endpoint computers on different VLANs can communicate with each other only after you configure inter-VLAN routing.

Requirements

Before you can configure inter-VLAN routing on Sophos Firewall, you must complete the following steps:

  • Configure VLANs on a switch connected to the firewall.
  • Configure the uplink port that connects the switch to the firewall as a trunk port.

The network looks like the following diagram:

    [Figure: Network schema with VLANs, Sophos Switch, and Sophos Firewall.]

Configuration

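To configure inter-VLAN routing on Sophos Firewall, configure the VLAN interfaces, create the VLAN network objects, and create a firewall rule, as described in the following sections.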

Configure the VLAN interfaces

To configure the VLAN interfaces, do as follows:

  1. Go to Network > Interfaces.
  2. Click Add interface and click Add VLAN.
  3. Configure as follows:

    • Name: VLAN 100
    • Interface: Port6
    • Zone: LAN
    • VLAN ID: 100
    • IPv4/netmask: 172.16.100.1/24
  4. Click Save.

  5. Click Add interface and click Add VLAN.
  6. Configure as follows:

    • Name: VLAN 200
    • Interface: Port6
    • Zone: LAN
    • VLAN ID: 200
    • IPv4/netmask: 172.16.200.1/24
  7. Click Save.

  8. Click VLAN to confirm the creation of the VLAN interfaces.

Create the VLAN network objects

Create a network object for each VLAN to use in the firewall rule, as follows:

  1. Go to Hosts and services > IP host.
  2. Click Add.
  3. Configure as follows:

    • Name: VLAN 100 Network
    • IP version: IPv4
    • Type: Network
    • IP address: 172.16.100.0
    • Subnet: /24
  4. Click Save.

  5. Click Add.
  6. Configure as follows:

    • Name: VLAN 200 Network
    • IP version: IPv4
    • Type: Network
    • IP address: 172.16.200.0
    • Subnet: /24
  7. Click Save.

Create a firewall rule

Create a firewall rule that allows traffic between the two VLANs as follows:

  1. Go to Rules and policies.
  2. Click Add firewall rule and click New firewall rule.
  3. Configure as follows:

    • Rule name: Inter-VLAN routing
    • Source zones: LAN
    • Source networks and devices: VLAN 100 Network and VLAN 200 Network
    • Destination zones: LAN
    • Destination networks: VLAN 100 Network and VLAN 200 Network

    Leave all other settings as the default.

  4. Click Save.
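The following Python script is an added example, not part of the Sophos documentation. It checks the addressing plan from the steps above for consistency before you enter it on the firewall, and models which source and destination addresses the rule's network lists cover. The dictionary layout and the function names `check_plan` and `rule_allows` are assumptions of this example, and the script does not connect to the firewall or evaluate zones.

```python
import ipaddress

# Values copied from the steps on this page; the dict layout is an assumption of this example.
VLAN_INTERFACES = {
    "VLAN 100": {"port": "Port6", "zone": "LAN", "vlan_id": 100, "ip": "172.16.100.1/24"},
    "VLAN 200": {"port": "Port6", "zone": "LAN", "vlan_id": 200, "ip": "172.16.200.1/24"},
}
IP_HOSTS = {
    "VLAN 100 Network": "172.16.100.0/24",
    "VLAN 200 Network": "172.16.200.0/24",
}
RULE = {
    "name": "Inter-VLAN routing",
    "source_networks": ["VLAN 100 Network", "VLAN 200 Network"],
    "destination_networks": ["VLAN 100 Network", "VLAN 200 Network"],
}

def check_plan(interfaces, ip_hosts):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems, seen_tags, host_nets = [], set(), {}
    for name, cidr in ip_hosts.items():
        try:
            host_nets[name] = ipaddress.ip_network(cidr)  # strict: rejects host bits
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
    for name, cfg in interfaces.items():
        tag = (cfg["port"], cfg["vlan_id"])
        if not 1 <= cfg["vlan_id"] <= 4094:  # usable 802.1Q VLAN ID range
            problems.append(f"{name}: VLAN ID {cfg['vlan_id']} outside 1-4094")
        if tag in seen_tags:  # the same tag twice on one trunk port is ambiguous
            problems.append(f"{name}: duplicate VLAN ID on {cfg['port']}")
        seen_tags.add(tag)
        iface = ipaddress.ip_interface(cfg["ip"])
        if iface.network not in host_nets.values():
            problems.append(f"{name}: no IP host object for {iface.network}")
    nets = list(host_nets.values())
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems

def rule_allows(src, dst, rule=RULE, ip_hosts=IP_HOSTS):
    """True if src and dst both fall inside networks the rule lists (zones not modeled)."""
    def inside(addr, names):
        return any(ipaddress.ip_address(addr) in ipaddress.ip_network(ip_hosts[n]) for n in names)
    return inside(src, rule["source_networks"]) and inside(dst, rule["destination_networks"])
```

An empty list from `check_plan(VLAN_INTERFACES, IP_HOSTS)` means each VLAN interface address sits inside a matching network object and the subnets do not overlap.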
