This article provides instructions on configuring Site-to-Site RED tunnels between UTMs in "full tunnel" mode, such that all traffic not destined for other known networks will be sent over them.
Applies to the following Sophos product(s) and version(s): Sophos UTM
Operating systems: UTM v8, v9
Site-to-site (UTM-UTM) RED tunnels can be configured to work as 'full' tunnels, where all traffic not destined for a local network (such as internet traffic) is sent over them.
Creating a full Site-to-Site RED tunnel involves configuring the tunnel as an uplink with the address of the remote UTM as its gateway, and then using Uplink Balancing to weight the RED interface at 100%.
Where to configure: WebAdmin
First, configure your RED tunnel as an uplink by doing the following:
Next, do the following:
All internet traffic will now be routed over the RED tunnel instead of directly out your primary uplink. You'll need to ensure that the UTM on the remote side of the tunnel allows traffic from the local UTM to reach the internet, by creating firewall and masquerading rules as appropriate.
If you would like traffic destined for certain websites to not be routed over the RED, and go directly out your primary uplink instead, you can add interface binding rules for them under Interfaces & Routing > Interfaces > Multipath Rules. Alternatively, you can also weight the RED tunnel to 0% instead of 100%, and then use multipath rules to forward traffic only from certain hosts over the RED tunnel.
KB 120157 - How to configure Site-to-Site RED Tunnels
KB 116573 - Sophos RED (Remote Ethernet Device) Technical Training Guide