Turn off IP forwarding on Sophos Switch
Turning off IP forwarding on Sophos Switch can increase your network's security. We recommend configuring Sophos Switch to deny all IPv4 forwarded packets on any interface that isn't connected to a router.
Warning
If you turn off IP forwarding on the management interface, you won't be able to connect to the switch via that interface.
How to turn off IP forwarding
To turn off IP forwarding, do as follows:
- Sign in to the Sophos Switch CLI.
- Enter global configuration with the following command:
  configure terminal
- Create an access list with the following command:
  ip access-list extended "NoIPforward"
  Tip
  You can replace NoIPforward in the command with any name you choose. If you do, make a note of it. You'll need it later.
  The CLI automatically enters IPV4 ACL Extended Access List Configuration mode after you enter the command.
- Run the following command:
  deny ip any any ace-priority 1
  This configures the access list to deny traffic from all IP source and destination addresses with the highest priority.
- Type exit and press Enter to leave IPV4 ACL Extended Access List Configuration mode.
- Use the interface command to enter interface configuration mode for the interface on which you want to turn off IP forwarding. Here's an example:
  interface gigabitethernet 0/1
  Tip
  You can use the interface range command mode to configure multiple interfaces simultaneously. This is useful since you must turn off IP forwarding on each interface. See CLI command modes.
- Enter the following command to apply the access-list to the selected interface(s):
  ip access-group NoIPforward in
  Note
  If you created the access list with a name other than NoIPforward, use that name when entering this command.
- Type exit and press Enter, then type exit and press Enter again.
- Type save and press Enter to save the configuration changes to the startup configuration.
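Because the access list must be applied to each interface that isn't connected to a router, it helps to check a saved copy of the configuration for ports that were missed. The following script is an added example, not Sophos code. It assumes the configuration export lists the same commands used in the steps above, one stanza per interface closed by exit; the sample text, the audit and parse_stanzas functions, and the choice of gigabitethernet 0/24 as the router uplink are all constructed for illustration.

```python
import re

# Constructed sample: the commands from the steps above, laid out as an assumed
# config export (one stanza per interface, closed by "exit"). Not real switch output.
SAMPLE_CONFIG = """\
ip access-list extended "NoIPforward"
deny ip any any ace-priority 1
exit
interface gigabitethernet 0/1
ip access-group NoIPforward in
exit
interface gigabitethernet 0/2
exit
interface gigabitethernet 0/3
ip access-group OtherAcl in
exit
interface gigabitethernet 0/24
exit
"""

def parse_stanzas(config):
    """Group lines under the most recent 'interface' / 'ip access-list' header."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith(("interface ", "ip access-list ")):
            current = line.replace('"', "")
            stanzas[current] = []
        elif line in ("exit", "!", ""):
            current = None
        elif current is not None:
            stanzas[current].append(line.replace('"', ""))
    return stanzas

def audit(config, acl_name="NoIPforward", exempt=()):
    """Return (acl_ok, interfaces that lack the inbound ACL), skipping exempt ports."""
    stanzas = parse_stanzas(config)
    rules = stanzas.get(f"ip access-list extended {acl_name}", [])
    acl_ok = any(re.fullmatch(r"deny ip any any( ace-priority \d+)?", r) for r in rules)
    wanted = f"ip access-group {acl_name} in"
    missing = [
        header.split(" ", 1)[1]
        for header, lines in stanzas.items()
        if header.startswith("interface ")
        and header.split(" ", 1)[1] not in exempt
        and wanted not in lines
    ]
    return acl_ok, missing

if __name__ == "__main__":
    # 0/24 is the assumed router uplink, so it is exempt from the check.
    print(audit(SAMPLE_CONFIG, exempt=("gigabitethernet 0/24",)))
```

List router-facing ports, and the management interface if you left it open as the warning above describes, in exempt so they are not reported.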