Sophos RED does not download config

Hello Everyone,


I am writing this post as I just purchased a Sophos RED 10 Rev. 3 from eBay. I have a Sophos XG with the Home license in my small server rack, and I opened all the ports as described on the technical training guide:

I checked if my Sophos RED is able to ping and connect to the server (i checked the entire * domain) and I checked if the ports tcp/udp 3400 and udp 3410 are open, and they are. 

I have the unlock code provided by the Sophos support, and I created a new interface on the Sophos XG with the RED ID and the Unlock code. 

The Network is divided in two parts: the XG is connected to a router which forwards all the traffic there and the RED is connected to another router with a different WAN IP address (they are on two different cities).

The issue here is that this Sophos was already used in another company, and everytime it turns on, it tries to contact the old UTM, as I can see from the NAT Translations on the RED Router:

(x.x.x.x is the WAN IP address)

udp x.x.x.x:42048 <----Time servers
udp x.x.x.x:42848 <----Time servers
udp x.x.x.x:42858 <----Time servers
udp x.x.x.x:49663 <----Time servers
tcp x.x.x.x:51642 <----Time servers
udp x.x.x.x:53904 <----Time servers
tcp x.x.x.x:59325 <----Astaro servers (
tcp x.x.x.x:59327 <----Astaro servers (
tcp x.x.x.x:59329 <----Astaro servers (

tcp x.x.x.x:59367 y.y.y.y:3400 y.y.y.y:3400 <----this is the RED trying to connect to the old USG, and I discovered it by searching the IP on

One comment from a post dated 2012 said that in order to factory reset the RED and let it download the new config, you need to block the IP address of the old USG and then, after 3 or 4 times, it will download the new config from the astaro website. I blocked the connections to that y.y.y.y IP either via an ACL or by setting a route to that IP that goes to Null0, so that the RED is unable to connect to it. But it still loops even when I leave it on for an entire night and it never downloads the config from the server, I believe, as it does not connect to my XG.

I also tried to delete the old RED interface and create a new one and make the provisioning of the RED offline (so I downloaded the file - it's a 7kb file - and I put in a 1gb USB stick).

When it boots, I see it reads something on the USB drive and then it still goes on and on trying to connect to the same server. (I see the system, router and Internet LED lit, and the Tunnel LED blinks)

Is there a definitive way to make the RED download the config either from the USB drive or from the website?

I do not have the tool redalert.exe, as there is nowhere to be found on the internet, so I am not able to test if the polices are on the astaro servers or not, but I thought that by using the USB drive I would overcome the Astaro server.

Thanks for everyone who will answer!