Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 911 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Configure a RED Server (No Public IP Option for Firewall RED Server)

juergenb52

Can someone provide a Documentation for XG 17.5.14 or 18.0.0 : How to configure a Firewall RED Server

The documentation (https://docs.sophos.com/nsg/sophos-firewall/17.5/Help/en-us/webhelp/onlinehelp/nsg/concepts/FirewallREDs.html) says...

and this documentation (https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/sfos/learningContent/NetworkAddREDInterface.html)

i need to configure  Firewall IP/hostname and RED IP (internal ?!) for Firewall RED Server

The option for Firewal IP/hostname is not shown in the gui, and the RED IP, should this a public or private IP.

I wish the documentation would be congruent with the product...



This thread was automatically locked due to age.
Parents
  • 0

    Hi  :  For "Firewall IP/hostname" settings, You may navigate to Network => Interface => Click on Add Interface => Add RED. Here you may get the option for  Firewall IP/hostname" under RED settings section. This IP or hostname used here will be used by RED to have connectivity with XG. 

    If your XG is having static or public IP on WAN Interface you may define the same here for this filed value, If XG is having Dynamic WAN then you may put DynDNS host name here in this filed. So even if IP is getting change or updated then RED device will not lost its connectivity with XG RED server.

    However it is not mandatory to have public IP OR hostname to have connectivity between RED device and XG RED server and that may depends on your setup as well. 

    Let us consider that your BO location and XG has connectivity over MPLS ( considering RED communication ports are open over MPLS path from BO to XG ) then you may use MPLS WAN / MPLS Interface IP as well to have connectivity between RED and XG. In such setup you may use offline RED provisioning by downloading RED config file. (By selecting Device Deployment mode "Manually via USB stick")

    Reference: https://community.sophos.com/xg-firewall/f/discussions/121822/configuring-red-device-through-mpls

    RED IP: This RED IP section you will get based on your RED operation mode selected. Ideally this should be private IP and you are reserving an IP for RED device Interface from your selected or chosen private network which you are using/ going to use to manage devices behind RED for that specific BO.

    Video Demonstration for adding RED devicehttps://www.youtube.com/watch?v=_v7Gml8XaHE

    RED Technical Training Guide : https://support.sophos.com/support/s/article/KB-000036699?language=en_US

  • 0 in reply to Vishal_R

    Thanks,

    i am aware of the Tech Guide: https://support.sophos.com/support/s/article/KB-000036699?language=en_US

    But RED60 Device is failing with my XG 17.5.14-1 and Sophos has no idea why this happens.
    All Clients behind RED60 have apipa IP´s and ARP/NDP show incomplete for these devices.

    Seems that sophos can´t solve this currently..

    So i try to setup a XG-XG RED Tunnel.

    The guide says how to configure a RED interface.

    If i add the RED Server, the options marked with a red circle are missing?

    Where should is find these?

Reply Children
No Data