
RED configuration question

Hi, first time RED deployment 

Situation:

SG210 at main office. LAN is 192.168.20.0/24
RED 15

Plan is to deploy in Standard/Split mode so Internet traffic uses the branch office existing Internet.

Problem: The branch office is in one of those office suite buildings where the Internet access is provided to the suites. Individual suites are VLAN'd. In this case, the one and only PC in the branch office suite has been given (DHCP) the IP address on the office building's LAN: 10.100.0.128/16.

As a test, I tried to configure the RED at my house to connect the same way. I have a LAN using NAT at home, so I have a 192.168.1.x/24 address on my PC.

The RED connected no problem, but I cannot ping any devices on the 192.168.20.0 network at the main office. I then tried the other two modes and had different issues but in no case was I able to connect to the Internet and also connect to devices through the RED - regardless of the mode I was in.

So I don't want to send this thing to the branch until I fully understand what I'm doing wrong and can make it work. Can someone walk me through the steps to configure a Standard/Split Mode? Yes, I know there are both Sophos and 3rd party documents available but neither helped me.

Thanks



  • Hi Mark Creamer,

    What rules do you have in place from the office network to the RED network?

    XG & UTM Architect (Systems: XG v18 & UTM 9.7 - Virtual, HW & SW)
    Curious enough to take it apart, skilled enough to put it back together, Clever enough to hide the extra parts when I'm Done!

  • Hi,

    You should post your firewall rules, as you were told before ...

    In addition, you could traceroute the DST IP to see what route your client chooses.

     

    Post the result and we can help you :-)

  • When you defined the RED, Mark, you caused a virtual NIC to be created, probably reds0.  Then, you used that NIC to define an interface on your UTM.  WebAdmin automatically creates routes between all subnets defined on interfaces on the UTM.  You do need to create firewall Allow rules for desired traffic between interfaces.  Review #2 in Rulz.

    If you're still not getting the result you want, what do you learn from doing #1 in Rulz?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA