PLEASE READ Advisory: Kernel memory issue affecting multiple OS (aka F**CKWIT, KAISER, KPTI, Meltdown & Spectre) for the latest updates.
We'd love to hear about it! Click here to go to the product suggestion community
Site-to-site topology with two UTMs ver 9.4x.. Followed Sophos resource to build my first RED tunnel with my IP subnets and all worked well, no problems. Resource: https://community.sophos.com/kb/en-us/120157
Now I want to build a RED tunnel for a layer 2 application and I need to bridge both LANs via the Tunnel. I cannot figure out how to bridge LAN port to its respective virtual interface (i.e. REDS1, REDC1) on each UTM, assuming this is the necessary step at least conceptually. Any guidance from the community will be much appreciated...
In fact, this is the one situation for which I prefer to use UTM-to-UTM RED tunnels. I did the first one five years ago for a manufacturer of coaches (like for rock bands, etc.). One location has their video server/controller and they have a camera inside their demo coach. They wanted to be able to have the camera connect with the video server from that location and their other location.
I bridged the reds1 to the NIC connected to WiFi in one location and redc1 to WiFi in the other. In the redc1 UTM, I eliminated the DHCP server for the WiFi subnet. The only real trick is changing the Interface from "Ethernet" to "Bridged Ethernet" and then you can select the red?? virtual NIC. Was that a clear enough description?
Cheers - Bob
In reply to BAlfson:
Thanks Bob for providing response and a practical example for how it was successfully used.... Does changing the Ethernet interface to Bridged Ethernet remove any functionality from the devices that will point to that interface as a gateway.
We want to extend two vlans to the remote site using SG-xxx UTMs at each site. We also want each UTM to provide gateway & Web Protection service to those devices in their respective location. Do you see any potential caveats with this we might be overlooking...
In reply to SteveGitto:
The only functionality removed by bridging is the loss of the ability to do QoS on the bridged Interface. I've never seen a situation where that couldn't be worked around by doing QoS on the other Interface(s).
Thanks again for your response. One last question???
Should we have the ability to create an Ethernet Bridge with interfaces for Eth0, REDS1, VLAN xxx ? and are we correct to assume it has to be done on both ends of the tunnel?
When we change interface eth0 from Ethernet to Ethernet Bridge all we see are the unused phy interfaces and no virtual interfaces. Perhaps this is a tech support issue?
Yes, both ends of the tunnel. If you're not seeing the reds1 virtual NIC, it's probably because it's in use in an existing "Ethernet" Interface definition that should be deleted. Any luck with that?
You were correct. I went one step too far and had to back out of my configuration to proceed with bridged interfaces. Thanks for the guidance along the way and I apologize for not updating sooner.
This is good stuff!
Tried to follow the same setup here but we have not had any luck. Did you have to place any firewall rules into the UTM to get it to work?
In reply to way2fast59:
Yes, you need a firewall rule in both sites like 'WiFi (Network) -> Any -> WiFi (Network) : Allow' in order for traffic to transit the bridge.