Implementing a site-to-site VPN solution with firewall and filtering

Hello,

I want to implement a site-to-site VPN with firewall protection and web filtering, knowing that I have about 30 users on each site. I just placed the order for two XG210 appliances with two EnterpriseGuard subscriptions, but a friend advised me to acquire a single XG210 appliance with an EnterpriseGuard subscription and to install only a RED appliance at the other site.

What do you recommend for me? What are the advantages and disadvantages of the two topologies?

I thank you in advance for your advice.



This thread was automatically locked due to age.
  • Idir,

    RED and another XG are two different kinds of solutions.

    With RED you can manage your remote users centrally and force them to use the internet at the central location. With RED you cannot filter remote users' internet usage (using internet at their location).

    Another XG at the remote site will instead manage internet at the remote location, but you need to manage it separately.

    RED also allows you to create a layer 2 tunnel.

  • Thanks for the reply,

    this answers my question.

    I do not want to share my internet connection in the first site with the remote site, and I would like to have total control of the internet traffic.

    So I did not pick the wrong solution; I do need two distinct appliances.

    regards

     
  • lferrara wrote:

    "With RED you can manage your remote users centrally and force them to use the internet at the central location. With RED you cannot filter remote users' internet usage (using internet at their location)."

    That's cryptic! When you force RED users to use internet at the central location (= central XG), then you should be able to enforce internet usage filtering as well.

  • Sixteen,

    those who have no experience with RED most of the time understand that, with RED, they are able to filter traffic using their own internet, which is not correct.

    RED users will always use the RED tunnel to reach the headquarters location and use the HQ internet to surf. Of course, in this way traffic is scanned and controlled by the XG/UTM9 at the HQ location.

    Regards