What exactly are the differences between RED and a standard VPN?


Sorry to keep asking questions throughout these forums, I have learn't so much about my XG in the month or so I have been using it. So I am definitely getting better at administering it. However there is still one problem which remains unresolved, I have logged numerous support calls and even though we thought it was fixed it isn't.

I have taken matters into my own hands and decided to try and get to the bottom of this myself, but to do that I need to know more about what exactly are the main differences between how RED operates and how a standard VPN does?

Here is the scenario:

My head office (XG 230) was connected to our Wakefield branch by a RED15. However, for some reason at random times during the day the traffic being sent to this RED would spike for a few moments and cause every user at that office to lose their RDP session. I couldn't figure out what was causing these spikes, I also didn't understand why they would be allowed to "flood" the connection so badly? Even when I spoke to Sophos Support and we enabled traffic shaping to prioritize RDP traffic, it didn't help.

After 2 weeks of users complaining of being cut off, I had to give up. I switched them back on to a standard IPSEC VPN between their Draytek router and my XG 230. Since then, everything has worked flawlessly.

I thought it might just be a bad device, so I installed a 2nd RED15 at our Leeds office, the same thing is happening just not as often.

I have just ordered some AP55C wireless points, I want to be able to manage them from the XG230 and for this to work they need to be connected via the RED's. So I really would appreciate some assistance in getting to the bottom of this.

Why does a standard VPN manage the traffic so much better than a RED? The RED's sole purpose is to connect branch offices, where-as the IPSEC VPN is just one function of many on a router.

I am getting to the point where I am considering eBaying the RED's and never buying them again.

Technical Info:

Head Office:

Leeds Office:

RED IP: - Transparent/Split - Split Network (

Firewall Rules:

Leeds In: Source Zone: RED_Leeds - Source Networks: Leeds_LAN

Destination Zone: LAN - Destination Networks: Halifax LAN - Services: Any

Leeds Out: Source Zone: LAN - Source Networks: Halifax LAN

Destination Zone: RED_Leeds - Destination Networks: Leeds_LAN - Services: Any


I did try Unified Standard which was the mode I wanted to use but this broke all VOIP phones. Then I tried Standard Split but this broke the Internet at the branch office :(