RED of two Virtual XG's: How to route traffic through Main-Side??


I have two virtual Sophos XG appliances connected through RED.

This works pretty well, and currently they are acting (per default) in Standard/Split configuration.

However, since security measures become more and more important, we want to route the whole traffic of the Client Site through the Server Site, as in the picture below. Somehow I can't get that to work.

I double-checked, and there seems to be no way to select operation modes of the RED tunnel when not using a physical RED device.

[edited by: FletcherMason at 10:31 PM (GMT -8) on 26 Feb 2021]
  • Hi Mason, you can't select the configuration mode with a RED Site to Site tunnel between two XG firewalls.

    If you want to route all the traffic from one location to the other location, you can add a default static route pointing towards the other end of the RED tunnel's IP and select the same RED Site to Site interface.

    After this, you can set the static route to the highest priority by running this command in the device console:

    (Option 4) --> system route_precedence set static sdwan_policyroute vpn.

    Attaching snapshots here for your reference

    Devesh Mishra
    Community Support Engineer | Sophos Technical Support