I can not get a new RED 15 to connect to the internet

I am trying to set up a new RED 15 to connect to an XG 115 with the 16.01.1 firmware. I have set up the RED in the XG, but I don't think it is even getting that far. I connect the RED to a network port in another network, a port that I have tested to provide a valid IP and have internet connection. The power, system, and router light will go solid green, but the Internet light will just blink and blink. Eventually, the system light will turn red, then the unit will reboot to try again. According to the documentation, this means that it doesn't have an 'internet connection' but what is the RED looking for to establish that it has or doesn't have an internet connection? A laptop connected to the port is able to browse the web, and this WAN connection is not supposed to have any ports blocked (commercial connection), what gives? I read on another thread that someone was able to connect it to another UTM and make it work, then it worked on the original UTM, but that was with a UTM device, not an XG.



  • Paul,

    make sure that the proper ports are opened for RED:

    https://community.sophos.com/kb/en-us/122755

    Also make sure that the RED receives an IP and DNS from the remote network.

    Thanks

  • Thanks for the response. Unfortunately, I've already been through all of that. The RED has perfectly unblocked access out to the internet. The XG on the other end is the Gateway at that site, nothing is there that could block ports to it. I have verified that both ISPs are not blocking 3400 or 3410 either way. The RED is actually never even getting communication with the provisioning servers. I have been on the phone with RED support over the night and they've come to the conclusion that the RED is bad.

  • Paul, 

    send me a PM and I will have a look at it.

    Regards, 

  • So I got on the phone with support again and he fixed it, but he fixed it in a way different than I was expecting. This is what he did, please let me know if this makes sense.

    I was using a DNS subdomain 'mainoffice.domain.com' to connect back to my main office. We removed that and used the public IP instead. Even though I have proper DNS in my remote site, it didn't seem to be resolving. OK, I guess that works...but it's not ideal because if our local IP changes, how do I change it on the RED?

    The other thing that he changed, and I'm not so sure this isn't a work-around, is that he put the RED and its DHCP scope on a different subnet. Whereas my main network is a 10.0.1.255/24 subnet, the RED is now on 10.0.2.255/24 with its own DHCP scope in that subnet. It all started working as soon as he did this, so it seemed necessary. My issue is that the solution seems counter-intuitive to the 'RED is just like a long Ethernet cable' idea that I keep hearing. If this truly was like a long Ethernet cable, wouldn't I be able to use the same subnet, with a non-overlapping and complementary DHCP scope for my remote devices?

    So, now I have a working setup, but I have to use IP to access the server, and there is no broadcast traffic between the subnets (NETBIOS for one) and domain joining is going to be a PITA too.

    Does this make any sense, was this only a work-around and there is a better way?
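
An added example, not part of the thread and not Sophos code: a Python pre-flight that checks the two settings support changed in the last post, namely whether the UTM hostname configured for the RED resolves, and whether the RED subnet overlaps the main LAN. The function names, finding labels and the 203.0.113.10 address are constructed for illustration; the RFC 1918 check assumes the RED has to reach the XG on a public address.

```python
import ipaddress
import socket

# Private IPv4 ranges (RFC 1918); a RED dialing in over the internet
# cannot reach an XG address inside these (assumption, see lead-in).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def normalize(cidr):
    """Accept host-bit notation such as the thread's 10.0.1.255/24."""
    return ipaddress.ip_network(cidr, strict=False)

def resolve_ipv4(name):
    """Resolve a name with the local resolver; empty list on failure."""
    try:
        infos = socket.getaddrinfo(name, None, family=socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def preflight(utm_host, main_lan, red_lan, resolver=resolve_ipv4):
    """Return a list of findings for a planned RED configuration."""
    findings = []
    try:
        ipaddress.ip_address(utm_host)
        # No DNS dependency, but a change of public IP needs a manual update.
        findings.append("utm-host-is-ip-literal")
    except ValueError:
        addrs = resolver(utm_host)
        if not addrs:
            findings.append("utm-host-does-not-resolve")
        elif any(ipaddress.ip_address(a) in net
                 for a in addrs for net in RFC1918):
            # Typical of split DNS answering with the internal address.
            findings.append("utm-host-resolves-to-rfc1918")
    if normalize(main_lan).overlaps(normalize(red_lan)):
        findings.append("red-subnet-overlaps-main-lan")
    return findings

if __name__ == "__main__":
    # Original setup from the thread, resolved with the local resolver.
    print(preflight("mainoffice.domain.com", "10.0.1.255/24", "10.0.1.255/24"))
    # Setup after the support call (constructed public address).
    print(preflight("203.0.113.10", "10.0.1.255/24", "10.0.2.255/24"))
```

Run it from a machine on the remote site's network so the lookup goes through the same resolver the RED receives by DHCP.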

     
