Advice needed for setting up REDs with unreliable Internet connection

Dear All,

I am facing the problem that the Internet connections used to connect my Sophos UTM and several RED devices are quite unreliable.
Therefore, if the VPN tunnel between a remote and the central office goes down, the entire remote network is quite unusable, e.g. clients lose their connections, even if they were connected before the internet connection outage, etc.

Currently, I am running a Standard/Split configuration with the respective REDs receiving their external interface's IP address from a DSL router at the remote office via DHCP.

Would a change to Transparent/Split improve the situation, like keeping the remote network itself functional?

According to the Sophos RED (Remote Ethernet Device) Technical Training Guide even for a Transparent/Split configuration, the internet connection would go down for clients in the remote location if the UTM is not available, although I am at a loss to understand why.

Could anybody with more technical insight than me, tell why this is actually happening, and how I can keep my remote network afloat, even if the UTM's internet connection is down ?

Any hint is highly appreciated.

Yours sincerely
Tobias


  • Best thing to do in my opinion is to point your default gateway to the current router connected to the internet and make custom routes (this can also be done using DHCP) for the IPs/subnets that need to go through the RED to the UTM.
    That way if the internet connection between RED and UTM fails, the default gateway will still be available.

    Of course this will only work if you had a split tunneling solution in mind to begin with, you just do the split tunneling yourself by using static routes on the clients instead of pointing everything to the RED.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
