I recently bought two Sophos SG 125 V2 appliances and installed OPNsense on them. Each has several physical interfaces, which OPNsense by default treats as separate Layer 3 interfaces, each with its own subnet and its own firewall rules. I would like to combine several of them into a bridge, so that they behave like the ports of a switch (Layer 2) and all sit on the same network without each interface having to be configured and firewalled individually.

The SG 125 has ports labelled DMZ, LAN, HA and WAN plus several further numbered Ethernet ports. I want to bundle those Ethernet ports into a single bridge.


Configure physical interfaces

  1. First, under Interfaces > Assignments, every physical port that should join the bridge must be assigned to a logical interface. The name you give it does not matter.
  2. Each of these interfaces must then be enabled, and it should not carry an IP configuration of its own (IPv4 and IPv6 configuration type None); the address will later live on the bridge. Optionally, set the Lock option (prevent interface removal) so that the assignment, and with it the port's membership in the bridge, cannot be deleted by accident.
  3. The bridge itself is then created under Interfaces > Other Types > Bridge, where all desired interfaces are added as members.


Firewall filter on the bridge

Unless these tunables are changed, firewall rules are evaluated on the member interfaces and not on the bridge, so every member would need its own rule set. To filter once on the bridge (which becomes the LAN interface) instead, set the following under System > Settings > Tunables and apply the change:

  1. net.link.bridge.pfil_bridge = 1 – enables packet filtering on the bridge interface itself.
  2. net.link.bridge.pfil_member = 0 – disables packet filtering on the individual member interfaces.


Finally, the bridge (bridge0) is assigned to the LAN interface under Interfaces > Assignments, so that the LAN IP address, DHCP and the firewall rules now apply to the bridge as a whole.


Note that you will lose your current connection at this point, because the port you are connected through is not yet a member of the bridge. Once you have reconnected through one of the bridge's member ports, that remaining interface can be added to the bridge as well.
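As an added example (not part of the original post, and not OPNsense's own tooling), the following shell script audits the result of the procedure above from the firewall's console: it checks that the two pfil tunables are set as described, lists the bridge's members, and flags any member that still carries an IP address of its own. Without arguments it runs against constructed sample output embedded in the script, so it can be tried anywhere; with `--live` it reads `sysctl net.link.bridge`, `ifconfig bridge0` and `ifconfig <member>` on a FreeBSD/OPNsense host. The bridge name bridge0, the member names igb2/igb3 and all addresses in the samples are assumptions.

```shell
#!/bin/sh
# Added example: audit an OPNsense bridge as configured in the post.
# Sample data below is constructed; interface names and addresses are assumed.

# Constructed stand-in for `sysctl net.link.bridge` BEFORE the tunables were changed.
SAMPLE_SYSCTL='net.link.bridge.pfil_bridge: 0
net.link.bridge.pfil_member: 1
net.link.bridge.pfil_onlyip: 0'

# Constructed stand-in for the same output AFTER applying the two tunables.
SAMPLE_SYSCTL_FIXED='net.link.bridge.pfil_bridge: 1
net.link.bridge.pfil_member: 0
net.link.bridge.pfil_onlyip: 0'

# Constructed stand-in for `ifconfig bridge0` (address lives on the bridge).
SAMPLE_BRIDGE='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        member: igb3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: igb2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>'

# Constructed member that wrongly still has an IPv4 address of its own.
SAMPLE_IGB2='igb2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255'

# Constructed member with only a link-local IPv6 address, which is fine.
SAMPLE_IGB3='igb3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet6 fe80::1%igb3 prefixlen 64 scopeid 0x3'

# Return 0 when filtering happens on the bridge (pfil_bridge=1) and not on the
# members (pfil_member=0). $1 is sysctl output in "name: value" form.
check_pfil() {
    b=$(printf '%s\n' "$1" | awk '$1=="net.link.bridge.pfil_bridge:"{print $2}')
    m=$(printf '%s\n' "$1" | awk '$1=="net.link.bridge.pfil_member:"{print $2}')
    [ "$b" = "1" ] && [ "$m" = "0" ]
}

# Print the member interfaces of a bridge, one per line, sorted. $1 is ifconfig output.
bridge_members() {
    printf '%s\n' "$1" | awk '$1=="member:"{print $2}' | sort
}

# Return 0 when the interface text carries no IPv4 address and no global IPv6
# address (link-local fe80:: is ignored). $1 is ifconfig output of one member.
no_ip_on_member() {
    ! printf '%s\n' "$1" | awk '$1=="inet" || ($1=="inet6" && $2 !~ /^fe80:/) {found=1} END{exit !found}'
}

# Run all checks. $1 = sysctl text, $2 = ifconfig text of the bridge,
# $3 = name of a function that returns ifconfig text for a member name.
audit_bridge() {
    rc=0
    if check_pfil "$1"; then echo "ok: filtering on the bridge, not on its members"
    else echo "FAIL: set net.link.bridge.pfil_bridge=1 and net.link.bridge.pfil_member=0"; rc=1; fi
    for m in $(bridge_members "$2"); do
        if no_ip_on_member "$("$3" "$m")"; then echo "ok: $m has no IP address of its own"
        else echo "FAIL: $m carries an IP address; set its IPv4/IPv6 type to None"; rc=1; fi
    done
    return $rc
}

live_member() { ifconfig "$1"; }
sample_member() { case $1 in igb2) printf '%s\n' "$SAMPLE_IGB2";; *) printf '%s\n' "$SAMPLE_IGB3";; esac; }
sample_member_fixed() { printf '%s\n' "$SAMPLE_IGB3"; }

if [ "${1:-}" = "--live" ]; then
    audit_bridge "$(sysctl net.link.bridge)" "$(ifconfig bridge0)" live_member
else
    echo "--- before the change (constructed sample) ---"
    audit_bridge "$SAMPLE_SYSCTL" "$SAMPLE_BRIDGE" sample_member || true
    echo "--- after the change (constructed sample) ---"
    audit_bridge "$SAMPLE_SYSCTL_FIXED" "$SAMPLE_BRIDGE" sample_member_fixed || true
fi
```

Run it as `sh audit_bridge.sh --live` on the firewall after applying the tunables and assigning the bridge; a non-zero exit means at least one check failed. The "before" sample reproduces the two mistakes the post warns about: rules still being evaluated per member, and a member port keeping an address that should only exist on the bridge.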