
RED subnetting and configuration

I've recently deployed 2 XG firewalls (one hardware and one virtual), the hardware as server and the virtual as client.

I've established connections as described in the article 

https://community.sophos.com/kb/en-us/126454 (Sophos XG Firewall to Sophos XG Firewall RED setup)

https://community.sophos.com/kb/en-us/125101

I've set up a LAN to LAN rule on both XG firewalls and configured a static route (pointing to the RED interface as gateway; I also tried the Sophos LAN interface as gateway),

but it still isn't working. Both RED interfaces are up but I can't reach remote devices behind each firewall (a ping from a host in the SERVER LAN to the CLIENT LAN is responding).

I'm really stuck here, what next am I missing?

I also want to know if the whole network established between the two XGs should be a single subnet, or whether I can have a different private IP subnet at each location (like a 192.168 and a 172.16 in each location). Will the connection still work?



  • Thanks for the response LUcar, I really appreciate you going through my questions out of your busy schedule.

    I'm sorry for writing a whole lot of story but I need to understand.

    Actually you used a cable between both appliances.

    I simulated a WAN link by connecting the devices in the same LAN while pointing to a gateway that can do the routing; in that manner I have IPs on each WAN interface of both XGs with the same gateway.

     

    "You need to configure the IP of the RED interfaces within the same subnet, but different IPs".

    I'm trying to understand this. If I'm right, the IP subnet of the RED interface is independent of the IP subnets in both remote locations.

    Example:

    SERVER LAN        RED INTERFACE     CLIENT LAN
    172.16.16.xx/27   192.168.1.x/29    10.10.10.x/24

    Are you stating that the RED interface is just a means of linking the 2 networks? I thought initially that they should all be in the same subnet (example: 172.16.16.x/24 for SERVER LAN, CLIENT LAN and RED interface; any devices or interfaces within these connected networks should have a valid IP in that same subnet).

     

    Therefore you need to configure static routing etc pp. 

    If I can establish the facts regarding the IP assignment, then I can understand how to do the routing.

    And if my assumptions regarding the IP assignment are true,

    while creating the static route on each XG firewall, which gateway am I supposed to point the route to:

    the next RED interface IP, the LAN interface IP on the Sophos, or the gateway of my WAN link?

  • Let's start with RED in general. RED is a layer 2 based VPN protocol. AFAIK you will end up with an interface on both appliances, which is the end of the tunnel.

    For the appliances, this interface is basically the same as if you placed a cable between both appliances.

    Think about both appliances connected via RJ45.

    You need to give both ends an IP address, so they can communicate with each other (ARP etc.).

    Then you need to specify via routing which networks XG can reach behind the other end.

     

    Additionally you could use NAT on both XGs. 
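
The addressing plan discussed in the two replies above, checked in code. This is an added example, not part of the original thread and not Sophos code: the function name and the concrete addresses are assumptions, constructed from the ranges given in the question. It treats the tunnel as the cable in the analogy, so each static route points at the peer's RED interface IP.

```python
"""Added example: sanity-check a routed RED site-to-site addressing plan."""
import ipaddress as ipa


def plan_red_routes(server_lan, client_lan, server_red, client_red):
    """Validate the plan and return the static route each firewall needs.

    server_red / client_red are interface addresses with prefix length,
    e.g. "192.168.1.1/29". Raises ValueError if the plan cannot route.
    """
    s_lan = ipa.ip_network(server_lan)
    c_lan = ipa.ip_network(client_lan)
    s_red = ipa.ip_interface(server_red)
    c_red = ipa.ip_interface(client_red)

    # Both tunnel ends share one layer 2 segment: same subnet, different IPs.
    if s_red.network != c_red.network:
        raise ValueError("RED interfaces are not in the same subnet")
    if s_red.ip == c_red.ip:
        raise ValueError("RED interfaces share one IP address")
    red_net = s_red.network
    for iface in (s_red, c_red):
        reserved = (red_net.network_address, red_net.broadcast_address)
        if red_net.prefixlen < 31 and iface.ip in reserved:
            raise ValueError(f"{iface.ip} is not a usable host address")

    # In a routed setup the two LANs and the transfer net must not overlap,
    # otherwise each firewall treats the remote hosts as directly connected.
    nets = {"server LAN": s_lan, "client LAN": c_lan, "RED": red_net}
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                raise ValueError(f"{a} overlaps {b}")

    # Next hop is the peer's RED interface IP (the other end of the "cable").
    return {
        "server": {"destination": str(c_lan), "gateway": str(c_red.ip)},
        "client": {"destination": str(s_lan), "gateway": str(s_red.ip)},
    }


if __name__ == "__main__":
    # Constructed addresses taken from the ranges in the question above.
    routes = plan_red_routes("172.16.16.0/27", "10.10.10.0/24",
                             "192.168.1.1/29", "192.168.1.2/29")
    for firewall, route in routes.items():
        print(firewall, route)
```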

  • OK, seems like I get a basic understanding of this now.

    I'll go implement this and give feedback.

    Additionally you could use NAT on both XGs

    I'd like to know case scenarios where this is useful in RED connections, because I can only relate this to a LAN TO WAN rule.

    I always want to learn.

    Thanks Toni

    I have a RED BOX that I'm about to deploy in a remote branch; I'm doing all this as a test before starting implementation.