{"id":167429,"date":"2025-02-19T14:04:25","date_gmt":"2025-02-19T13:04:25","guid":{"rendered":"https:\/\/www.avanet.com\/kb\/sophos-firewall-unifi-switch-vlan-configuration\/"},"modified":"2025-02-19T14:05:20","modified_gmt":"2025-02-19T13:05:20","slug":"sophos-firewall-unifi-switch-vlan-configuration","status":"publish","type":"kb","link":"https:\/\/www.avanet.com\/en\/kb\/sophos-firewall-unifi-switch-vlan-configuration\/","title":{"rendered":"Configure VLAN on Sophos Firewall and UniFi Switch"},"content":{"rendered":"\n<p>Virtual local area networks (VLANs) are a central component in network segmentation and make a significant contribution to security and order in IT environments. VLANs make it easy to implement guest networks, for example, or to separate sensitive areas from the rest of the network. In this article, we show you how to set up a VLAN on a Sophos Firewall and a UniFi Switch.  <\/p>\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Topics<\/h2><nav><ul><li class=\"\"><a href=\"#t\">Why VLANs make sense<\/a><\/li><li class=\"\"><a href=\"#vlan-auf-uni-fi-switch-konfigurieren\">Configure VLAN on UniFi Switch<\/a><\/li><li class=\"\"><a href=\"#vlan-auf-der-sophos-firewall-konfigurieren\">Configure VLAN on the Sophos Firewall <\/a><\/li><\/ul><\/nav><\/div>\n\n<h2 class=\"wp-block-heading\" id=\"t\">Why VLANs make sense<\/h2>\n\n<ul class=\"wp-block-list\">\n<li><strong>Network segmentation<\/strong>: Separation of different departments or services (e.g. VoIP, Server, clients) so that data traffic can be specifically controlled and protected.<\/li>\n\n\n\n<li><strong>Increased security<\/strong>: Minimizes the attack surface, as potential attacks cannot spread so easily across the entire network.<\/li>\n\n\n\n<li><strong>Guest network<\/strong>: Separate network for guests or external service providers, which is separate from the internal network and therefore offers more security.<\/li>\n\n\n\n<li><strong>Better management<\/strong>: VLANs enable structured and flexible network management without great physical effort.<\/li>\n<\/ul>\n\n<h2 class=\"wp-block-heading\" id=\"vlan-auf-uni-fi-switch-konfigurieren\">Configure VLAN on UniFi Switch<\/h2>\n\n<p>1. <strong>open the UniFi Controller<\/strong><\/p>\n\n<p>Navigate to your UniFi Controller.<\/p>\n\n<p>2. <strong>create new VLAN<\/strong><\/p>\n\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-cf627a7\" data-block-id=\"cf627a7\"><style>.stk-cf627a7 .stk-img-figcaption{text-align:center !important;color:#abb7c2 !important;}<\/style><figure><span class=\"stk-img-wrapper stk-image--shape-stretch stk--has-lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-167409\" src=\"https:\/\/www.avanet.com\/assets\/unifi-network-management.jpg\" width=\"2333\" height=\"1750\" alt=\"UniFi Network Management\" srcset=\"https:\/\/www.avanet.com\/assets\/unifi-network-management.jpg 2333w, https:\/\/www.avanet.com\/assets\/unifi-network-management-300x225.jpg 300w, https:\/\/www.avanet.com\/assets\/unifi-network-management-1024x768.jpg 1024w, https:\/\/www.avanet.com\/assets\/unifi-network-management-768x576.jpg 768w, https:\/\/www.avanet.com\/assets\/unifi-network-management-1536x1152.jpg 1536w, https:\/\/www.avanet.com\/assets\/unifi-network-management-2048x1536.jpg 2048w, https:\/\/www.avanet.com\/assets\/unifi-network-management-600x450.jpg 600w, https:\/\/www.avanet.com\/assets\/unifi-network-management-64x48.jpg 64w\" sizes=\"auto, (max-width: 2333px) 100vw, 2333px\" \/><\/span><figcaption class=\"has-text-color stk-img-figcaption\">UniFi Network Management<\/figcaption><\/figure><\/div>\n\n<ul class=\"wp-block-list\">\n<li>Click on <strong>Settings<\/strong> \u2192 <strong>Networks<\/strong> in the left-hand menu bar.<\/li>\n\n\n\n<li>Select <strong>New Virtual Network<\/strong> (or edit an existing network).<\/li>\n\n\n\n<li>Enter a name for the VLAN, e.g. <em>Client<\/em>.<\/li>\n\n\n\n<li>Set the <strong>third party gateway<\/strong> as the <strong>router<\/strong> (as you are using Sophos Firewall ).<\/li>\n\n\n\n<li>Enter the desired value as the <strong>VLAN ID<\/strong>, e.g. <em>100<\/em>.<\/li>\n\n\n\n<li>Save the configuration.<\/li>\n<\/ul>\n\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-c211121\" data-block-id=\"c211121\"><style>.stk-c211121 .stk-img-figcaption{text-align:center !important;color:#abb7c2 !important;}<\/style><figure><span class=\"stk-img-wrapper stk-image--shape-stretch stk--has-lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-167414\" src=\"https:\/\/www.avanet.com\/assets\/unifi-network-add-vlan.jpg\" width=\"2333\" height=\"1750\" alt=\"UniFi add VLAN\" srcset=\"https:\/\/www.avanet.com\/assets\/unifi-network-add-vlan.jpg 2333w, https:\/\/www.avanet.com\/assets\/unifi-network-add-vlan-300x225.jpg 300w, https:\/\/www.avanet.com\/assets\/unifi-network-add-vlan-1024x768.jpg 1024w, https:\/\/www.avanet.com\/assets\/unifi-network-add-vlan-768x576.jpg 768w, https:\/\/www.avanet.com\/assets\/unifi-network-add-vlan-1536x1152.jpg 1536w, https:\/\/www.avanet.com\/assets\/unifi-network-add-vlan-2048x1536.jpg 2048w, https:\/\/www.avanet.com\/assets\/unifi-network-add-vlan-600x450.jpg 600w, https:\/\/www.avanet.com\/assets\/unifi-network-add-vlan-64x48.jpg 64w\" sizes=\"auto, (max-width: 2333px) 100vw, 2333px\" \/><\/span><figcaption class=\"has-text-color stk-img-figcaption\">UniFi add VLAN<\/figcaption><\/figure><\/div>\n\n<p>3. <strong>assign VLAN on the ports<\/strong><\/p>\n\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-3349d3b\" data-block-id=\"3349d3b\"><style>.stk-3349d3b .stk-img-figcaption{text-align:center !important;color:#abb7c2 !important;}<\/style><figure><span class=\"stk-img-wrapper stk-image--shape-stretch stk--has-lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-167424\" src=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-add-vlan-scaled.jpg\" width=\"2560\" height=\"1642\" alt=\"UniFi Network Management\" srcset=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-add-vlan-scaled.jpg 2560w, https:\/\/www.avanet.com\/assets\/sophos-firewall-add-vlan-300x192.jpg 300w, https:\/\/www.avanet.com\/assets\/sophos-firewall-add-vlan-1024x657.jpg 1024w, https:\/\/www.avanet.com\/assets\/sophos-firewall-add-vlan-768x493.jpg 768w, https:\/\/www.avanet.com\/assets\/sophos-firewall-add-vlan-1536x985.jpg 1536w, https:\/\/www.avanet.com\/assets\/sophos-firewall-add-vlan-2048x1314.jpg 2048w, https:\/\/www.avanet.com\/assets\/sophos-firewall-add-vlan-600x385.jpg 600w, https:\/\/www.avanet.com\/assets\/sophos-firewall-add-vlan-64x41.jpg 64w\" sizes=\"auto, (max-width: 2560px) 100vw, 2560px\" \/><\/span><figcaption class=\"has-text-color stk-img-figcaption\">UniFi Network Management<\/figcaption><\/figure><\/div>\n\n<ul class=\"wp-block-list\">\n<li>Under <strong>UniFi Devices \u2192 Switches \u2192 Port Manager<\/strong> you can configure individual ports.<\/li>\n\n\n\n<li>Make sure that the ports on which VLAN 100 is required are configured either as <strong>trunk<\/strong> or <strong>tagged<\/strong> so that the VLAN is passed on tagged.<\/li>\n<\/ul>\n\n<h2 class=\"wp-block-heading\" id=\"vlan-auf-der-sophos-firewall-konfigurieren\">Configure VLAN on the Sophos Firewall <\/h2>\n\n<p>1. <strong>call up the web admin of Sophos Firewall <\/strong><\/p>\n\n<p>Log in to the web interface of Sophos Firewall.<\/p>\n\n<p>2. <strong>add new VLAN<\/strong><\/p>\n\n<ul class=\"wp-block-list\">\n<li>Navigate to <strong>Network<\/strong> \u2192 <strong>Interfaces<\/strong>.<\/li>\n\n\n\n<li>Click <strong>Add Interface<\/strong> in the top right-hand corner and select <strong>Add VLAN<\/strong>.<\/li>\n\n\n\n<li>Enter a <strong>name<\/strong> (e.g. <em>Clients<\/em>).<\/li>\n\n\n\n<li>Select the <strong>hardware interface<\/strong> (e.g. Port1) and the <strong>zone<\/strong> (e.g. LAN or better client) in which the VLAN should be located.<\/li>\n\n\n\n<li>Set the <strong>VLAN ID<\/strong> (e.g. <em>100<\/em>).<\/li>\n\n\n\n<li>Under <strong>IPv4 configuration<\/strong>, select <strong>Static<\/strong> and assign an IP address for the gateway of the new network.<\/li>\n\n\n\n<li>Save the changes.<\/li>\n<\/ul>\n\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-20003ca\" data-block-id=\"20003ca\"><style>.stk-20003ca .stk-img-figcaption{text-align:center !important;color:#abb7c2 !important;}<\/style><figure><span class=\"stk-img-wrapper stk-image--shape-stretch stk--has-lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-167419\" src=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-configure-vlan-interface-scaled.jpg\" width=\"2560\" height=\"1107\" alt=\"UniFi add VLAN\" srcset=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-configure-vlan-interface-scaled.jpg 2560w, https:\/\/www.avanet.com\/assets\/sophos-firewall-configure-vlan-interface-300x130.jpg 300w, https:\/\/www.avanet.com\/assets\/sophos-firewall-configure-vlan-interface-1024x443.jpg 1024w, https:\/\/www.avanet.com\/assets\/sophos-firewall-configure-vlan-interface-768x332.jpg 768w, https:\/\/www.avanet.com\/assets\/sophos-firewall-configure-vlan-interface-1536x664.jpg 1536w, https:\/\/www.avanet.com\/assets\/sophos-firewall-configure-vlan-interface-2048x885.jpg 2048w, https:\/\/www.avanet.com\/assets\/sophos-firewall-configure-vlan-interface-600x259.jpg 600w, https:\/\/www.avanet.com\/assets\/sophos-firewall-configure-vlan-interface-64x28.jpg 64w\" sizes=\"auto, (max-width: 2560px) 100vw, 2560px\" \/><\/span><figcaption class=\"has-text-color stk-img-figcaption\">UniFi add VLAN<\/figcaption><\/figure><\/div>\n\n<p>3. <strong>adjust firewall rules<\/strong><\/p>\n\n<ul class=\"wp-block-list\">\n<li>Create corresponding firewall rules under <strong>Rules and policies<\/strong> to allow or restrict traffic from the VLAN to other networks (or to the Internet).<\/li>\n\n\n\n<li>If required, you can activate advanced settings such as <strong>IPS<\/strong>, <strong>web filtering<\/strong> or <strong>application control<\/strong> for the VLAN.<\/li>\n<\/ul>\n","protected":false},"author":1,"featured_media":0,"parent":0,"template":"","format":"standard","kb_kategorie":[382,782],"class_list":["post-167429","kb","type-kb","status-publish","format-standard","hentry","kb_kategorie-sophos-firewall","kb_kategorie-unifi-en"],"blocksy_meta":[],"acf":[],"_links":{"self":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/kb\/167429","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/kb"}],"about":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/types\/kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/users\/1"}],"wp:attachment":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/media?parent=167429"}],"wp:term":[{"taxonomy":"kb_kategorie","embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/kb_kategorie?post=167429"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}