Tunnel Red with UTM & VLANS

To transport a VLAN, you need a Layer 2 Bridge (Called Network Bridge) between a RED Tunnel and a physical Interface.

This will allow you to place a VLAN on top of that bridge. (V18 Feature).

To have a simple VLAN on a RED interface, that is possible without a Bridge. It will simply forward the VLAN Tag to the XG and XG can pick up this VLAN tag and act as a Layer 3 router. 

Having the same VLAN on different locations will lead to having a bridge, because you will have to use the same Subnet Range. 

Thanks, i need to use  the remote UTM in Bridge mode to tranport VLAN  ?

Also what  did you mean about  "Forward VLAN TAG "? in what manner i can do this ?

Thanks a lot

Marco

Depending on what you try to archive. 

XG/SG can act as a Switch or a Router. Basically Layer 2 or Layer 3. 

A VLAN is a Subnet in virtual manner. 

Most products cannot handle two interfaces with the same subnet. 

Lets say: 

VLAN2 (192.168.1.0/24) 

HQ --- RED Tunnel --- RED Appliance 

If you want to have VLAN2 on the RED Appliance and your Network on HQ, you need to build a Bridge between the RED Interface on XG and the Local Interface, which is connected to the VLAN. 

VLAN2 --- HQ Bridge --- RED Tunnel --- RED Appliance --- VLAN2

If you have a VLAN3 on the RED Site, you can simply put the VLAN3 on the RED interface and RED will forward the VLAN to the XG.

HQ --- VLAN3 --- RED Tunnel --- RED Appliance --- VLAN3

If you have another Appliance connected to XG via RED Site to Site, you would apply the same methods. 

VLAN2 --- HQ Bridge --- RED Tunnel --- XG Bridge --- VLAN2

HQ --- VLAN3 --- RED Tunnel --- XG Appliance --- VLAN3

Reference: 

https://community.sophos.com/kb/en-us/132723

https://community.sophos.com/kb/en-us/132608