
Bring VLANs from our Datacenter to the Remote-Office (Red 15w)

Is it possible to do the following:

We have got a lab-environment in our datacenter. We installed a Sophos UTM and defined multiple VLANs which are attached to the VMs on our Hyper-V-Host. In our remote-office is a Sophos RED15W, connected via RED-Connection (Unified / Standard). We want to establish some sort of connection to our remote-office to connect our local infrastructure to one of the multiple VLANs to get a direct connection to our datacenter. It is important to get a sort of level-2-connection because we need to use the DHCP of the datacenter in our remote-office for some testing. In my opinion we don't need to configure routing or firewall-rules in this case. How to configure the RED-Connection as a VLAN-Trunk which is linked to one of the RED15W LAN-Ports? Is it possible to configure multiple untagged Wifis for direct access to the VLANs? See my network diagram below.

6138.sophos2.pdf



  • Hi Manuel and welcome to the UTM Community!

    Not possible with a RED 15, I think.  A RED 50 could do what you want, but I would prefer an SG 115 with a Network Protection subscription.  It's more flexible and the total cost is less than a RED 50 with warranty extensions.  Speak with your Sophos reseller - it may be that an SG 105 would work in your situation or even an XG 85.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks Bob!
    Do you happen to know whether it is possible to bring a single VLAN from our datacenter to the RED15W? I am struggling to find a configuration to attach one single VLAN to an untagged port and a WiFi. It's not an option to buy a new RED device at the moment.

  • Hi Manuel,

    Having multiple VLANs on a RED15 is possible; every port is then a trunk port. You'll need a VLAN-capable switch in the remote office to assign clients to the correct VLANs.

    Please note that the RED is unable to do routing between VLANs; all inter-VLAN traffic is routed by the UTM in your datacenter, which means that the inter-VLAN traffic causes double load on your internet connection.

     

    You can build a transparent L2 if you create a bridge interface between a RED interface and one of the local interfaces of the UTM. Please do not use this configuration if your UTM is a VMware virtual machine. It will cause high load on your hypervisor (I crashed a datacenter IaaS environment this way... VMware bug...).

     

    yours Lukas

    lna@cema

    SCA (utm+xg), SCSE, SCT

    Sophos Platinum Partner

  • Thanks Lukas,

    I did the following configuration. Can you help me to find the problem? All “Ether VLANs” are attached to the eth0 Interface. The “Ethernet Bridge – br0” is configured with eth0 and my RED-Device “reds1”. I am able to reach the Internal-Network (192.168.1.0) when I am plugged into one of the RED15W Ports. But there is no connection when I assign a VLAN-Tag to the Network-Card of my Testclient plugged into the RED15W Port. Is there anything more I need to do? Please see the attached screenshots.

    PS: Feel free to contact me directly as well.

     

  • Your dashboard indicates that the RED 15 has not connected.  What is the topology in the remote office?

    Cheers - Bob

     
  • Hi Bob,

    There is one router between the RED15W and the Internet, but the RED is configured as "Exposed-Host". Why do you think there is no connection? All four LEDs on the RED15W are permanent green and, as mentioned, I can connect with my non-VLAN-Network from the Remote-Office. Is there something else I need to think of?

  • I hadn't thought of Lukas' idea before, but I would think that you would need to create a bridge of eth0 and reds1 and then move your VLAN interfaces from eth0 to br0.  At the other end, you will need a VLAN switch with a trunk connection to one of the RED 15 ports.  If you can segment the IP addresses, you will want to do in-lab inter-VLAN routing in your VLAN switch.  Interesting question!

    Cheers - Bob

     