Tasked with deploying 2x RED50 devices - overwhelmed and questions!

Hello all,

Hope everyone is staying safe and healthy in these times.  I've been tasked with deploying 2 RED50s, to 2 different locations. Having only deployed a RED15w to another remote office it took me 2 days and some help onsite (site had static IP and was configured for a different subnet). I'm going to have to do the same thing for another RED50 this time so I think I can handle that on, provided my onsite help can handle hotspotting (for the DHCP portion of the setup). :)

However, the second RED50 is what will have me perplexed. It is the only one of the bunch that I actually have on hand before deployment and it is also the one that needs to be a part of the same subnet.  This RED50 is going into a data center to handle our offsite cluster (backup and disaster recovery). I have our (soon to be) offsite cluster configured and working perfectly in our present LAN setup.

Local Sophos UTM is SG210 on 9.702 fw.

 

The questions I have for this deployment: ( networking is NOT my forte :) )

1 - Can I pre-configure the RED50 locally in office, register it and then change the IP / gateway to static, power it down and move it to the data center

2 - How can I configure the RED50 and the SG so that the RED50 acts as an extension of the current LAN? (LAN is 10.x.x.x/24, SG is the DHCP server and dishes out IPs from .100 up) I want the RED50 to have 10.x.x.95 and the cluster already has .97 and .98 assigned to it.

3 - Any suggestions on how to make my life easier on configuring future REDs to remote sites with static IPs?

  • Hello Dave,

    as far as I understand, you want to do bridging to avoid having two different network segments inside your company and in the datacenter.

    As these are two physically different networks connect through a WAN link with (I guess) smaller bandwidth as the LANs, why would you want that?

    I strongly vote against this design, and to be frank, it's ugly and has huge performance issues.

    So why not use plain routing with two different IP subnets, this is what IP and IP routing was intended for! This is a lot faster, especially in Windows networks.

    From the security perspective, network segmentation is also wise and you will have the opportunity to control network access with clear firewall rules and zones.

    Could you give us a network diagram to help you further?

    What kind of cluster are these systems?

  • In reply to jprusch:

    Hello Phillip,

     

    Here is a quick and basic network diagram:

     

    The remote cluster has a Linux VM with an internal address 10.25.X.80 that has one of our backup targets. This cluster can also act as a backup node to any of the server VMs located on the main cluster. To limit reconfiguration of target IPs and to allow seamless cut overs, that is primarily why it should (?) remain on the same LAN segment.

    Clusters are SCALE and internal LAN, ISP and DATA Center are all 1Gbp full-duplex.