We have a SG210 running firmware v9.700-5.
I have purchased our first RED (15) with the intention of putting it in a client's LAN so they can use resources on our LAN. Their Internet gateway doesn't have VPN functionality, so I chose the RED.
It is set up thusly:
> The RED is configured in the "Advanced" configuration of "Manual/Split" mode. The WAN port on the RED is plugged into an Ethernet port on their Technicolor ADSL router, and a LAN port on the RED is also plugged into the same router. The RED has connected successfully to the Sophos authorisation/config servers and is online in our UTM.
> I have created a new interface for the RED with an interface type of "Ethernet", using the RED as hardware and with a new and unused static IP address range.
> For testing purposes, I have created two firewall rules:
Letting all traffic through is for testing purposes, I intend to lock down these rules once testing is complete.
I have added a route to my Domain subnet on a PC that is on the RED subnet, using the RED as the gateway. They are not able to access resources on this network (e.g. remote desktop), or ping or tracert to it - the traffic times out.
If I attempt to ping anything other than the interface (45.1) from my Domain network, the traffic times out.
What am I missing here?
Please show pictures of the Edits of the RED server definition and the Interface for the RED.
Cheers - Bob
In reply to BAlfson:
Thanks for your reply
There isn't a Server (Service?) definition for the RED that I can see, but here is the interface:
Hope that's what you need?
In reply to gr33ny:
Look on the '[Server] Client Management' tab of 'RED Management', Paul. Also, how do the remote devices get DHCP and what is the subnet in the remote site?
That tab appears to have the RED ID & secret, should I be posting that publicly?
They get DHCP addresses - 192.168.1.0/24
This subnet is in use on a site-site VPN already, but since the RED has a new subnet (45.0/24) then I thought it may not matter...
Agreed, Paul, I would mark those out if I were posting the Edit of the RED Server.
Apologies for my delayed reply, I have been somewhat busy of late.
In this screen the RED looks to be configured as Standard/Unified. In that case the RED "should" act as a router to route the traffic between the remote LAN and your own LAN and vice versa. In that setup you cannot connect both the WAN and LAN ports of the RED to the same network segment since then there can be no routing.
What you may probably want is to have the RED in Transparent/Split mode where you put your Local Domain (Network) in the split networks list.
Also in this setup, the UTM's RED interface will get an IP-address from the remote site, so you should configure the RED interface in the UTM as DHCP (or fixed in the SAME network as the LAN segment of the Technicolor router of the remote site).
So the remote site will give an IP to your UTM RED interface.
Then you have 2 options of connecting the RED in the remote network:
Option 2 is the nicest solution since it interferes the least in the remote network (easiest would be to only add static routes to your subnets that need to be reached by the RED).
The situation you have with the site-to-site VPN with the same IP-segment should in that case be solved by NATting the VPN traffic over a different subnet. Unfortunately that is something that needs to be changed in both sides of the VPN connection.
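The overlapping-subnet problem described in this reply, as an added example that is not from the thread or from Sophos: it checks whether the remote LAN reachable through the RED collides with a prefix already routed over the existing site-to-site VPN, and shows the 1:1 NAT mapping that removes the ambiguity. The 192.168.1.0/24 remote LAN comes from the thread; the path names, the RED subnet spelled out as 192.168.45.0/24 and the NAT range 10.99.1.0/24 are constructed assumptions.

```python
import ipaddress

# Constructed routing table: destination prefix -> path on the UTM.
# 192.168.1.0/24 is the remote LAN behind the RED (from the thread) and is
# also assumed to be reachable over the existing IPsec site-to-site tunnel.
ROUTES = [
    ("192.168.1.0/24", "ipsec-tunnel"),
    ("192.168.1.0/24", "red-interface"),
    ("192.168.45.0/24", "red-interface"),  # assumption: the "45.0/24" RED subnet
]


def find_conflicts(routes):
    """Return route pairs whose prefixes overlap but point at different paths.

    Such a pair means the UTM cannot tell which path a packet to that
    destination should take, which is the ambiguity NAT has to remove."""
    nets = [(ipaddress.ip_network(prefix), via) for prefix, via in routes]
    conflicts = []
    for i, (n1, v1) in enumerate(nets):
        for n2, v2 in nets[i + 1:]:
            if v1 != v2 and n1.overlaps(n2):
                conflicts.append((str(n1), v1, str(n2), v2))
    return conflicts


def nat_one_to_one(addr, src_net, nat_net):
    """Translate addr from src_net to the same host offset in nat_net (1:1 NAT)."""
    src = ipaddress.ip_network(src_net)
    dst = ipaddress.ip_network(nat_net)
    host = ipaddress.ip_address(addr)
    if host not in src or src.prefixlen != dst.prefixlen:
        raise ValueError("address outside source net or prefix length mismatch")
    offset = int(host) - int(src.network_address)
    return str(ipaddress.ip_address(int(dst.network_address) + offset))


def resolve_with_nat(routes, src_net, nat_net, path="ipsec-tunnel"):
    """Re-address the VPN side's copy of src_net to nat_net and re-check.

    This models NATting the VPN traffic onto a different subnet; the same
    translation must be configured on the other end of the tunnel."""
    fixed = [(nat_net if prefix == src_net and via == path else prefix, via)
             for prefix, via in routes]
    return fixed, find_conflicts(fixed)
```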