Sophos RED 20 and VLANs

Question

Hi 
 I try to setup VLANs behind a RED 20 device for the branch office, which is connected to a XG firewall. The RED device is in zone "RED" and the HQ in "LAN". 
 On the XG firewall I added a VLAN-interface (ID 100) for the RED-interface. 
 The IPs for the branch office clients will be served by DHCP relay through XG to a foreign DHCP server. 
 When I connect a client to the RED 20 device with a VLAN 100 (tagged on the NIC), the client gets the appropriate DHCP IP lease. 
 But the client cannot communicate with the HQ office. Firewall rules are setup correctly. Without VLAN tag the connection works (ping to gateway, DNS to gateway, communicate with LAN-Zone). 
 Is it possible at all to use VLANs with RED 20? I cannot find any documentation nor how the ports on the RED devices are tagged/untagged for certain VLANs. 
 I would be very happy about a hint!

dirkkotte · Accepted Answer

RED20 is not VLAN-aware. Like a unmanaged switch ... it sends the VLAN information out of the physical ports like you sendi t in at the XG. You need a switch behind the RED20 to separate the VLAN's. 
 With RED50/SDRed60 you can configure the VLAN behavior per port (trunk-Port for multiple VLAN's, Access-Pirt for only one VLAN ,...)

FormerMember · Answer

Hi RasalGhul , 
 Thanks for reaching out to the Community! 
 Try to configure a static route on the XG firewall for the VLAN subnet and select the RED interface. 
 
 Sophos XG Firewall: How to configure a floating static unicast route 
 
 Thanks,

Sophos RED 20 and VLANs

Top Replies