
2x Sophos XG RED Tunnel site2site non-split mode doesn't work

Hi, 

I configured a RED tunnel between two XGs according to instructions from Sophos.

1. RED tunnel configured

2. LAN2LAN rule created.

3. Routing between LANs set up via RED tunnel.

The RED tunnel is active and works fine.

But

I have the problem that the client side only reaches the LAN network from the server side.

According to the instructions, you have to set a static route between the LANs.

The question is how does the client side get into the internet to WAN?

Split mode should not run. All traffic (from the Branch office) should run over the RED tunnel.

BR



  • There are multiple approaches to do this.

    Static Route (0.0.0.0) on the BO Firewall. 

    SD-WAN Policy based Route

    Setting up the RED as a WAN Interface. 

    All those approaches require a RED to WAN Rule on the HQ. 

  • Thank you for the ideas.

    1. First, I also set a default route 0.0.0.0 on BO. However, websites could be reached for a moment (I created a RED2WAN rule for HTTPS on HQ), but after a few seconds the tunnel was disconnected. The tunnel also failed to reconnect.

    After the 0.0.0.0 route was deleted, the tunnel was reconnected. The 0.0.0.0 route was only set on the BO side. On the HQ side I have set the "BO LAN > RED Interface" route (as previously left)

    2. It worked with the SD-WAN Policy-based Route. Thanks for the hint. Even if I don't quite understand how it works. I left the LAN BO <> LAN HQ routing anyway.

    3. You write "Setting up the RED as a WAN interface" is also a possibility. When I set up the RED tunnel, I can only add it to the LAN zone and not as a WAN interface. Could you maybe elaborate on that? Unfortunately, there is little documentation about this at Sophos. Many thanks for the help
