RED of two Virtual XG's: How to route traffic through Main-Side?

Hello,

I have two virtual Sophos XG appliances connected through RED.

This works pretty well, and currently they are acting (per default) in Standard/Split configuration.

However, since security measures become more and more important, we want to route the whole traffic of the Client Site through the Server Site, as in the picture below. Somehow I can't get that to work.

I double-checked, and there seems to be no way to select operation modes of the RED tunnel when not using a physical RED device.

Is there a way to get around this? I already searched a lot for a solution.

Facts:

-> There is no Windows DHCP Server on either side

-> The Local Network on the Server-Site is on a VLAN Interface

-> DHCP is the "built-in" from the XG. Would be a nice-to-have to get this to work at the Remote-Site, but this is not a requirement



  • FormerMember
    0 FormerMember

    Hi,

    Thank you for reaching out to Sophos Community.

    You can add a static route on the client side with the destination network 0.0.0.0 and the "head office RED interface" IP as the gateway, and select the RED interface of the client side.

    For example:

    RED interface IP of server-side: 10.10.10.1

    RED interface IP of client-side: 10.10.10.2

    You'll also need to configure a firewall rule at the server side to allow internet access to the client-side network.

    Note: Ensure you have a small downtime before performing the above activity to prevent any disruption.
