
RED device - Change metric

Hello !

I'm using a RED device and I would like to change the metric value (0 by default and by design, I guess?).
If I type "route -n", I can see 2 routes:
192.168.178.0 * 255.255.255.0 U 0 0 0 reds1 (metric value is 0)
192.168.178.0 10.100.230.254 255.255.255.0 UG 5 0 0 eth4 (metric value is 5)
I need packets to go through 10.100.230.254, but metric value 5 is higher than 0...
If I change it to 0 in the "static routing" tab, the routing table only shows interface reds1! I expect the opposite...

Any advice ?

Thanks !

Olivier
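
The route choice described in the post above, as an added example that is not part of the original thread: it parses the two quoted `route -n` lines and applies standard Linux selection (longest prefix first, then lowest metric). The function names and the `down` parameter are hypothetical; `down` is a simplification that models an interface whose routes have been withdrawn, not Sophos UTM behaviour.

```python
import ipaddress

# The two routing-table lines quoted in the post, without the annotations.
ROUTE_OUTPUT = """\
192.168.178.0 * 255.255.255.0 U 0 0 0 reds1
192.168.178.0 10.100.230.254 255.255.255.0 UG 5 0 0 eth4
"""


def parse_routes(text):
    """Parse Destination/Gateway/Genmask/Flags/Metric/Ref/Use/Iface rows."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Skip blank lines, the banner and the column-header row.
        if len(fields) != 8 or not fields[4].isdigit():
            continue
        dest, gw, mask, _flags, metric, _ref, _use, iface = fields
        routes.append({
            "net": ipaddress.ip_network(f"{dest}/{mask}", strict=False),
            # "*" or 0.0.0.0 means directly connected, no next hop.
            "gateway": None if gw in ("*", "0.0.0.0") else gw,
            "metric": int(metric),
            "iface": iface,
        })
    return routes


def select_route(routes, dst, down=()):
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes
                  if addr in r["net"] and r["iface"] not in down]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r["net"].prefixlen, r["metric"]))


if __name__ == "__main__":
    table = parse_routes(ROUTE_OUTPUT)
    # 192.168.178.20 is a constructed host address inside the quoted subnet.
    for label, down in (("both up", ()), ("reds1 down", ("reds1",))):
        r = select_route(table, "192.168.178.20", down)
        hop = r["gateway"] or "directly connected"
        print(f"{label}: {r['iface']} via {hop} (metric {r['metric']})")
```

With both routes present, the metric 0 entry on reds1 is chosen for every address in 192.168.178.0/24; the eth4 route via 10.100.230.254 is used only once the reds1 route is gone.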



  • Salut Olivier and welcome to the UTM Community!

    Please show a picture of the Edit of the RED server for reds1.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob !

    Thanks for your answer, you know, I'm an old user of the "astaro.org" forum ;)

    Below is a screenshot:

    I tried to change the operation mode to "transparent/split" and put "Internet IPv4" as network but it doesn't help :(

    Regards,

    Olivier

  • Hi Bob,

    Take a look at this KBA: 

    https://community.sophos.com/kb/en-us/131806

     

    Base License includes VPN: IPsec RAS / S2S, SSL VPN RAS / S2S. 

    RED, HTML5 is in network protection.

     

    You can purchase an enhanced subscription - but you do not have to. The KBA explains the warranty status. 


  • Hi Bob,

    I'll continue in English for the community; I didn't know you were perfectly bilingual :)

    Actually, with this topology, it works but in case of Internet or box failure (in front of the RED), users lose access to the datacenter...

    As I tried to explain, default route of the entire MPLS network is pointing to another firewall with no Internet access for this remote network.

     

    @Toni, correct me if I'm wrong, but with an SG/XG box with an IPsec tunnel, will it be the same? The tunnel has the highest priority in terms of metric, and it's by design.

    Olivier

  • You would have to configure some kind of backup.

    https://community.sophos.com/kb/en-us/123323

    This should be the same setup in XG, isn't it? 


  • With IPsec in the UTM, you can bind the IPsec Connection to a specific interface, Olivier, and then make Static Interface Routes with the metrics you want.  I don't think that can be done with the XG, but maybe Toni will correct me.

    Cheers - Bob

     
  • XG cannot do it as simply as binding it to the interface, but you can build such setups in XG as well. 

    Like mentioned in the KBA. 


  • So, the only way to do it in XG is with changes at the command line.  Will those changes survive a reboot?  All upgrades?  Is there a document I could have read to answer my own question?

    Cheers - Bob

     
  • Thank you Toni, it's good to know!

    But, in my case, it means I need to replace my main Sophos with an XG model... It's not for tomorrow.

    Anyway, thank you very much Toni and Bob for your time !

    Olivier

  • You don't have to replace the Main SG with XG. 

    XG uses IPsec to connect to SG without problems. 


  • Toni,

    In the KB you mentioned, there's a command line to change the default behaviour of routing/metric: in my case, it's useful in the main Sophos, not in the remote site.

    Even if I put an XG box in the remote site with an IPsec tunnel, I'll face the same situation :(

  • You wouldn't have the RED problem with IPsec, Olivier.  I think I mentioned this before.  In the SG in the main office, you can use Static Routes with metrics with an IPsec Connection that's bound to the interface.

    Cheers - Bob

     