Configure VLAN on Sophos Firewall and UniFi Switch

Virtual local area networks (VLANs) are a central component in network segmentation and make a significant contribution to security and order in IT environments. VLANs make it easy to implement guest networks, for example, or to separate sensitive areas from the rest of the network. In this article, we show you how to set up a VLAN on a Sophos Firewall and a UniFi Switch.

Why VLANs make sense

  • Network segmentation: Separation of different departments or services (e.g. VoIP, servers, clients) so that data traffic can be specifically controlled and protected.
  • Increased security: Minimizes the attack surface, as potential attacks cannot spread so easily across the entire network.
  • Guest network: Dedicated network for guests or external service providers that is isolated from the internal network and therefore offers more security.
  • Better management: VLANs enable structured and flexible network management without great physical effort.

Configure VLAN on UniFi Switch

1. Open the UniFi Controller

Navigate to your UniFi Controller.

2. Create new VLAN

[Figure: UniFi Network Management]
  • Click on Settings → Networks in the left-hand menu bar.
  • Select New Virtual Network (or edit an existing network).
  • Enter a name for the VLAN, e.g. Client.
  • Set Third-party Gateway as the router (as you are using Sophos Firewall).
  • Enter the desired value as the VLAN ID, e.g. 100.
  • Save the configuration.
[Figure: UniFi add VLAN]

3. Assign VLAN on the ports

[Figure: UniFi Network Management]
  • Under UniFi Devices → Switches → Port Manager you can configure individual ports.
  • Make sure that the ports on which VLAN 100 is required are configured either as trunk or tagged so that the VLAN is passed on tagged.

Configure VLAN on the Sophos Firewall

1. Open the web admin of Sophos Firewall

Log in to the web interface of Sophos Firewall.

2. Add new VLAN

  • Navigate to Network → Interfaces.
  • Click Add Interface in the top right-hand corner and select Add VLAN.
  • Enter a name (e.g. Clients).
  • Select the hardware interface (e.g. Port1) and the zone (e.g. LAN or, better, client) in which the VLAN should be located.
  • Set the VLAN ID (e.g. 100).
  • Under IPv4 configuration, select Static and assign an IP address for the gateway of the new network.
  • Save the changes.
[Figure: UniFi add VLAN]

3. Adjust firewall rules

  • Create corresponding firewall rules under Rules and policies to allow or restrict traffic from the VLAN to other networks (or to the Internet).
  • If required, you can activate advanced settings such as IPS, web filtering or application control for the VLAN.