This article explains how to set up a site-to-site RED tunnel between two Sophos XG Firewalls, without the need for a separate RED device.
Applies to the following Sophos products and versions: Sophos Firewall version 16 and above
To set up an XG to XG RED tunnel, choose one XG Firewall to be the server. The device picked to be the server listens for incoming connections, and the client device initiates the outgoing connection. Any upstream NAT may interfere with incoming connections, so it is best to have the non-NATed device act as the server.
Please see below for instructions on setting up the tunnel, configuring the interfaces, configuring the routes, and then configuring the firewall.
Repeat steps 1 through 5 as shown above, fill out the details shown below when adding the RED interface, and then click Save.
For traffic to pass between the two firewalls, a LAN to LAN or similar rule must be created on each firewall.
The image below shows an example of a standard LAN to LAN rule so that all traffic can cross between the networks on the LAN zones.