I am writing this post as I just purchased a Sophos RED 10 Rev. 3 from eBay. I have a Sophos XG with the Home license in my small server rack, and I opened all the ports as described on the technical training guide: https://community.sophos.com/kb/en-us/116573#RED%20technical%20overview
I checked whether my Sophos RED is able to ping and connect to the server red.astaro.com (I checked the entire *.astaro.com domain), and I checked whether the ports tcp/udp 3400 and udp 3410 are open, and they are.
I have the unlock code provided by the Sophos support, and I created a new interface on the Sophos XG with the RED ID and the Unlock code.
The network is divided into two parts: the XG is connected to a router which forwards all the traffic there, and the RED is connected to another router with a different WAN IP address (they are in two different cities).
The issue here is that this Sophos RED was already used in another company, and every time it turns on it tries to contact the old UTM, as I can see from the NAT translations on the RED router:
(x.x.x.x is the WAN IP address)
udp x.x.x.x:42048 192.168.3.142:42048 184.108.40.206:123 220.127.116.11:123 <----Time servers
udp x.x.x.x:42848 192.168.3.142:42848 18.104.22.168:123 22.214.171.124:123 <----Time servers
udp x.x.x.x:42858 192.168.3.142:42858 126.96.36.199:123 188.8.131.52:123 <----Time servers
udp x.x.x.x:49663 192.168.3.142:49663 184.108.40.206:123 220.127.116.11:123 <----Time servers
tcp x.x.x.x:51642 192.168.3.142:51642 18.104.22.168:37 22.214.171.124:37 <----Time servers
udp x.x.x.x:53904 192.168.3.142:53904 126.96.36.199:123 188.8.131.52:123 <----Time servers
tcp x.x.x.x:59325 192.168.3.142:59325 184.108.40.206:3400 220.127.116.11:3400 <----Astaro servers (red-prov-us-aurora.astaro.com)
tcp x.x.x.x:59327 192.168.3.142:59327 18.104.22.168:3400 22.214.171.124:3400 <----Astaro servers (red-prov-us-aurora.astaro.com)
tcp x.x.x.x:59329 192.168.3.142:59329 126.96.36.199:3400 188.8.131.52:3400 <----Astaro servers (red-prov-us-aurora.astaro.com)
tcp x.x.x.x:59367 192.168.3.142:59367 y.y.y.y:3400 y.y.y.y:3400 <----this is the RED trying to connect to the old USG, and I discovered it by searching the IP on Shodan.io
One comment on a post dated 2012 said that in order to factory reset the RED and let it download the new config, you need to block the IP address of the old USG and then, after 3 or 4 attempts, it will download the new config from the Astaro website. I blocked the connections to that y.y.y.y IP, either via an ACL or by setting a route to that IP that goes to Null0, so that the RED is unable to connect to it. But it still loops, even when I leave it on for an entire night, and I believe it never downloads the config from the server, as it does not connect to my XG.
I also tried to delete the old RED interface, create a new one and provision the RED offline (so I downloaded the REDID.red file, a 7 KB file, and put it on a 1 GB USB stick).
When it boots, I see it read something from the USB drive, and then it still goes on and on trying to connect to the same server. (I see the System, Router and Internet LEDs lit, and the Tunnel LED blinks.)
Is there a definitive way to make the RED download the config either from the USB drive or from the website?
I do not have the tool redalert.exe, as it is nowhere to be found on the internet, so I am not able to test whether the policies are on the Astaro servers or not, but I thought that by using the USB drive I would get around the Astaro server.
Thanks to everyone who answers!
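The post above works out which of the RED's outbound flows belong to the previous owner's UTM by reading the router's NAT translation table and looking the unfamiliar destination up by hand. The following script, added here as an example and not part of the original post, does the same triage automatically: it parses a "show ip nat translations" style table, keeps only flows from the RED's LAN address, labels them as time sync, known RED provisioning, or an unexpected RED controller on tcp/udp 3400/3410, and returns the stale controller addresses you would then null-route or ACL-block. The sample table is constructed from RFC 5737 documentation addresses (203.0.113.10 for the WAN address, 198.51.100.0/24 for Sophos time/provisioning servers, 192.0.2.50 for the old UTM), and the set of known provisioning addresses is an assumption: in practice, resolve red.astaro.com and the red-prov-* hostnames from the RED's own network and fill it from those answers.

```python
import re

# Constructed sample of a router "show ip nat translations" table, modelled on
# the table in the post above. All addresses are RFC 5737 documentation
# ranges, not real hosts: 203.0.113.10 stands in for the WAN address,
# 192.168.3.142 for the RED on the LAN, 198.51.100.0/24 for Sophos
# provisioning/time servers and 192.0.2.50 for the previous owner's UTM.
SAMPLE_NAT_TABLE = """\
Pro Inside global        Inside local          Outside local        Outside global
udp 203.0.113.10:42048   192.168.3.142:42048   198.51.100.7:123     198.51.100.7:123
tcp 203.0.113.10:51642   192.168.3.142:51642   198.51.100.8:37      198.51.100.8:37
tcp 203.0.113.10:59325   192.168.3.142:59325   198.51.100.20:3400   198.51.100.20:3400
tcp 203.0.113.10:59327   192.168.3.142:59327   198.51.100.21:3400   198.51.100.21:3400
tcp 203.0.113.10:59367   192.168.3.142:59367   192.0.2.50:3400      192.0.2.50:3400
udp 203.0.113.10:53904   192.168.3.142:53904   198.51.100.7:123     198.51.100.7:123
tcp 203.0.113.10:40001   192.168.3.200:40001   198.51.100.99:443    198.51.100.99:443
"""

# Assumed set of legitimate RED provisioning server addresses. In practice,
# resolve red.astaro.com (and the red-prov-* names seen in the table) on the
# same network the RED uses and put the results here.
KNOWN_PROVISIONING = {"198.51.100.20", "198.51.100.21"}

RED_PORTS = {3400, 3410}   # RED provisioning / tunnel ports from the KB article
TIME_PORTS = {123, 37}     # NTP and the legacy TIME protocol

# proto, inside global, inside local, outside local, outside global
LINE_RE = re.compile(r"^(tcp|udp)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def split_endpoint(endpoint):
    """'192.168.3.142:59367' -> ('192.168.3.142', 59367)."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)


def parse_nat_table(text):
    """Parse NAT translation lines into dicts; header and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        proto, _inside_global, inside_local, _outside_local, outside_global = match.groups()
        src_host, src_port = split_endpoint(inside_local)
        dst_host, dst_port = split_endpoint(outside_global)
        entries.append({
            "proto": proto,
            "src_host": src_host,
            "src_port": src_port,
            "dst_host": dst_host,
            "dst_port": dst_port,
        })
    return entries


def classify(entry, known_provisioning=KNOWN_PROVISIONING):
    """Label a flow as time sync, known RED provisioning, an unexpected RED
    controller on the RED ports (the stale config target), or something else."""
    if entry["dst_port"] in TIME_PORTS:
        return "time"
    if entry["dst_port"] in RED_PORTS:
        if entry["dst_host"] in known_provisioning:
            return "provisioning"
        return "stale-controller"
    return "other"


def red_call_home_report(text, red_lan_ip, known_provisioning=KNOWN_PROVISIONING):
    """Summarise where the RED at red_lan_ip is trying to connect.

    Returns (counts_by_class, sorted list of unexpected controller IPs).
    Only flows originating from the RED's LAN address are considered, so other
    hosts behind the same router do not pollute the result.
    """
    counts = {"time": 0, "provisioning": 0, "stale-controller": 0, "other": 0}
    stale = set()
    for entry in parse_nat_table(text):
        if entry["src_host"] != red_lan_ip:
            continue
        label = classify(entry, known_provisioning)
        counts[label] += 1
        if label == "stale-controller":
            stale.add(entry["dst_host"])
    return counts, sorted(stale)


if __name__ == "__main__":
    counts, stale = red_call_home_report(SAMPLE_NAT_TABLE, "192.168.3.142")
    print("flows by class:", counts)
    for ip in stale:
        # These are the addresses to null-route / ACL-block while re-provisioning.
        print("unexpected RED controller:", ip)
```

Run it against the real table (paste it in place of the sample, with the RED's actual LAN address and the resolved provisioning addresses) and the "stale-controller" list is the set of hosts the RED still believes is its UTM. Flows to port 123/37 are ordinary time sync and are not a sign of a stale config; a 3400 flow whose destination is not one of the resolved Sophos provisioning addresses is.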
You may have more luck in the XG section of the community website.
In reply to apijnappels:
Yeah. Sadly on the XG section there is no RED subreddit, so I thought it would be good to post it here.
I posted it there as well.