2x Sophos XG RED Tunnel site2site non split mode doesn't work

Hi, 

I configured a RED tunnel between two XGs according to instructions from Sophos.

1. RED tunnel configured

2. LAN2LAN rule created.

3. Routing between LANs set up via RED tunnel.

RED TUNNEL is active and works fine.

But

I have the problem that the client side only reaches the LAN network from the server side.

According to the instructions, you have to set a static route between the LANs.

The question is how does the client side get into the internet to WAN?

Split mode should not run. All traffic (from the Branch office) should run over the RED tunnel.

BR


  • There is no user interface on the RED appliance. It is designed to be fully configured and managed from a Sophos Firewall. RED devices can be shipped to a remote site, connected to any DHCP connection to the internet, and be fully configured by a remote administrator with no prior knowledge of the site, and no need to walk local personnel through technical setup steps.

  • Hi, I think I expressed myself wrong.

    The RED Tunnel is established between two XG Firewalls.

    Without RED devices, only the RED tunnel mode.

  • There are multiple approaches to do this.

    Static Route (0.0.0.0) on the BO Firewall. 

    SD-WAN Policy based Route

    Setting up the RED as a WAN Interface. 

    All those approaches require a RED to WAN Rule on the HQ. 


  • Thank you for the ideas.

    1. First, I also set a default route 0.0.0.0 on BO. However, websites could only be reached for a moment (I created a RED2WAN rule for https on HQ); after a few seconds the tunnel was disconnected. The tunnel also failed to reconnect.

    After the 0.0.0.0 route was deleted, the tunnel reconnected. The 0.0.0.0 route was only set on the BO side. On the HQ side I have set the "BO LAN > RED Interface" route (as previously left).

    2. It worked with the SD-WAN Policy-based Route. Thanks for the hint. Even if I don't quite understand how it works. I left the LAN BO <> LAN HQ routing anyway.

    3. You write "Setting up the RED as a WAN interface" is also a possibility. When I set up the RED tunnel, I can only add it to the LAN zone and not as a WAN interface. Could you maybe elaborate on that? Unfortunately, there is little documentation about this at Sophos. Many thanks for the help.
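As an added illustration (not from the thread, and not Sophos code), a small route-lookup model of the two BO configurations discussed above: a plain 0.0.0.0/0 static route pointing into the RED interface also captures the firewall's own tunnel packets to the HQ peer, which is consistent with the tunnel dropping shortly after it comes up, whereas a source-matched SD-WAN policy route only redirects LAN-originated traffic. All addresses and interface names are constructed, and the order in which policy and static routes are consulted is the model's assumption, not a statement about SFOS internals.

```python
import ipaddress

# Constructed topology (all addresses made up): branch office (BO) firewall with
# WAN uplink Port2 and a RED site-to-site tunnel interface red1 towards HQ.
BO_LAN = ipaddress.ip_network("192.168.10.0/24")
HQ_LAN = ipaddress.ip_network("192.168.20.0/24")
HQ_WAN_IP = "203.0.113.10"          # tunnel peer: HQ public address
WAN_IFACE, RED_IFACE = "Port2", "red1"

def static_lookup(static_routes, dst):
    """Longest-prefix match over (network, interface) static routes; if nothing
    matches, the packet leaves via the WAN default gateway (assumed here)."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, iface in static_routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else WAN_IFACE

def egress(static_routes, policy_routes, src, dst):
    """Policy routes match on source network and are consulted first (model
    assumption). Packets the firewall itself originates (src=None), such as the
    RED tunnel's own encapsulated traffic to HQ, never match a LAN-sourced rule."""
    if src is not None:
        for src_net, iface in policy_routes:
            if ipaddress.ip_address(src) in src_net:
                return iface
    return static_lookup(static_routes, dst)

def tunnel_is_recursive(static_routes, policy_routes):
    """True when the tunnel's own packets to the HQ peer would be routed back
    into the tunnel itself, so the tunnel cannot stay up."""
    return egress(static_routes, policy_routes, None, HQ_WAN_IP) == RED_IFACE

# Approach 1 from the thread: static default route 0.0.0.0/0 via the RED interface.
APPROACH_1 = ([(HQ_LAN, RED_IFACE), (ipaddress.ip_network("0.0.0.0/0"), RED_IFACE)], [])
# Approach 2: keep only the HQ LAN static route and steer BO LAN traffic with a
# source-matched SD-WAN policy route.
APPROACH_2 = ([(HQ_LAN, RED_IFACE)], [(BO_LAN, RED_IFACE)])

def report(routes):
    static_routes, policy_routes = routes
    return {
        "lan_to_internet": egress(static_routes, policy_routes, "192.168.10.5", "198.51.100.7"),
        "lan_to_hq_lan": egress(static_routes, policy_routes, "192.168.10.5", "192.168.20.9"),
        "tunnel_recursive": tunnel_is_recursive(static_routes, policy_routes),
    }

if __name__ == "__main__":
    for name, routes in (("default route via RED", APPROACH_1), ("SD-WAN policy route", APPROACH_2)):
        print(name, report(routes))
```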

  • Hello Bianca,

    I've moved your thread on the same subject from the UTM German Forum to the Sophos Firewall German Forum.

    Kind regards & Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA