Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsLAN (ethernet/Wifi/routers/Bluetooth)Sophos XG Firewall placement
CB_24

366 posts

Ultimate Geek


#240745 24-Sep-2018 10:27
Send private message

Hey,

 

 

 

After some advice as to where I should place a new Sophos XG Firewall?

 

 

 

Currently I have the normal Unifi setup:

 

ISP Fibre ONT > USG WAN > USG LAN > Unifi Switch > rest of the internal network

 

 

 

To integrate the XG should I do 

 

ISP Fibre ONT > USG WAN (VLAN10) > USG LAN > Sophos In > Sophos Out > Unifi Switch    or

 

ISP Fibre ONT > (VLAN10) Sophos In > Sophos Out > USG WAN > USG LAN > Unifi Switch 

 

 

 

I'd prefer to keep the connection to the ISP going through the USG first then onto Sophos if that's best.

 

I want to include the firewall to monitor the traffic deeper and restrict websites etc as the kids get older.

 

 

 

Thanks

Create new topic
cyril7
9058 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #2095350 24-Sep-2018 10:34
Send private message

Any reason why you want to keep the USG in circuit, this seems odd. If you do keep it, ensure you route between them, not nat

 

Cyril



CB_24

366 posts

Ultimate Geek


  #2095531 24-Sep-2018 14:18
Send private message

cyril7:

 

Any reason why you want to keep the USG in circuit, this seems odd. If you do keep it, ensure you route between them, not nat

 

Cyril

 

 

 

 

Mainly want to keep the USG as I have already invested in it and a great device, though it's limited with the firewall and web filtering ability.

 

From what I have seen it looks like its best to put the Sophos XG between the OTP and the Unifi Gateway.

cyril7
9058 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #2095538 24-Sep-2018 14:27
Send private message

Well it depends who you want to do the NAT and firewalling, if it were me, I would drop the USG, but failing that I would use the Sophos simply as a content filter (and firewall as appropriate) for networks you want to protect (ie the kids) and therefore put it between the kids vlan and USG, ymmv :)

 

 

 

ie ONT > USG > Sophos > kids network

 

                        > responsible persons network

 

Cyril



CB_24

366 posts

Ultimate Geek


  #2095691 24-Sep-2018 17:59
Send private message

Cheers

See any issue of putting the Sophos XG in between the ONT and Unifi USG and using the USG for authentication to the Internet? Basically passing through the XG or will it break auth until firewall rules are in place?

ONT > Sophos XG ( web filtering ) > USG WAN ( fibre auth ) > USG LAN > Switch

cyril7
9058 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #2095695 24-Sep-2018 18:03
Send private message

Hi, your building a rod for you back and a good chance of creating a worse mess, get rid of one of the routers.

 

Cyril

Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright