This discussion has been locked.

Red 50 Standard/Split AP55

Hi,

I have a question.

I have a Sophos SG210 and did set up a RED50 in standard/split mode.

Port mode: Switch

Behind the RED50 is an AP55 with 3 wireless LANs (the same ones which I have at the SG210).

I am able to access all 3 WLANs and use the internet.

I am also able to use the WLAN which is bridged to AP LAN and communicate with devices from the SG210 office network; internet traffic is getting routed directly without passing the SG210.

But the problem: the 2 other WLANs, which are "wlan3" and "wlan4", always pass through the tunnel to the SG210.

How do I get these 2 (or 2 new) WiFis not to route internet traffic through the SG210? (These WiFis don't even need any connection to my SG210 except for management.)

 



This thread was automatically locked due to age.
  • I "think" this is not possible.

    The Separate Zone Configuration is a tunnel itself. The AP will tunnel the traffic to the SG. The RED is not able to open this tunnel to route the traffic via Split on the local breakout.

    RED is only a kind of "dumb" routing device and if you work with a tunnel protocol, it cannot handle it. It can only split tunnel 80/443. And Separate Zone is port 2712 (I guess).

    This is the reason for using an XG/SG instead of RED. I quite often use an XG with base license instead of RED to create an IPsec tunnel to the SG and use the XG to manage the APs.

    Or you could use Central Wireless for the APs and split tunnel with Central Wireless. 

    __________________________________________________________________________________________________________________

  • OK,

    so there is no option even with new VLAN or WLAN settings?

    If I would use transparent split mode, I need an extra DHCP and DNS server in the branch office and set the Main Office Network to Split Network Box.

    Any use left for the AP55 in this case?

  • You already have the RED 50, chrizz, so my comment is for others that see your thread. I absolutely agree with MBP. A RED 50 with warranty extensions costs more over its lifetime than does an SG 115 with a Network Protection subscription, yet it does not have the same flexibility. An XG costs even less, but I prefer not to mix device-management metaphors. ;) In short, the RED 15 is a valuable, cost-effective tool. If the RED 15 is not powerful enough, the RED 50 is not a solution that I recommend - ever.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA