Recently I purchased a RED20 to connect our branch office to HQ. The HQ has a Sophos XG firewall (XG310) which is all up to date.
When I try to connect the RED20 from the branch office to HQ no connection is being made.
What happens is this:
When booting the RED20 the system light starts blinking green and after a few seconds it's steady green and the router light starts blinking green.
After 70 seconds the router light dies and the system light turns red. This sequence keeps repeating itself.
The RED20 is connected directly to the router and it should get an IP address from it.
On the XG I added a RED interface but it doesn't show any signs of connectivity with the RED20 (offline).
Does somebody have any clue why this isn't working?
Thank you for contacting the Sophos Community.
Usually, that combination of lights might mean that the Default Gateway is unreachable.
If possible as a test I would recommend you to remove the Router where the RED is connecting and connect the RED directly to the internet line.
Or if the router in front of the RED allows assigning a Static IP to the RED, try setting a static IP to the RED.
You can also confirm if you see traffic arriving at the XG, by using the Public IP of the remote site as a host in the tcpdump.
tcpdump -eni any host 22.214.171.124
Thanks for your reply.
Unfortunately it isn't possible to connect the RED directly to the internet. But in the router I see the RED gets an IP-address assigned to it (DHCP client list).
If I replace the RED with a laptop it also gets an IP-address, gateway-address and dns-server-addresses assigned to it.
Tomorrow I will be on the remote location again and give the tcpdump a try.
You also mentioned assigning a static IP-address to the RED. Can you tell me how that's done?
Thank you for the follow-up.
To set the IP to the RED you do it from the XG, however, if the device is behind a NAT device, the RED will need an IP from that device to be able to go out to the internet to reach the provisioning server.
Once it connects the RED will pull down the configuration and create the tunnel with the XG.
For what you mentioned, most likely the RED is getting the IP, make sure also port 3400 is open on the router in front of the RED and by your ISP.
You can test by running the following command from a computer behind your current NAT device:
telnet red.astaro.com 3400
You should see something like this:
# telnet red.astaro.com 3400
Trying 126.96.36.199...
Connected to red.astaro.com.
Escape character is '^]'.
When testing red.astaro.com on 3400 is successful from another device, it may be this bug if you're on a lower version
fixed in 18 MR5 and 18.5 GA
It looks like there is nothing wrong with the connection to red.astaro.com
When I try to telnet, as you suggested, the connection is established.
Do you have any other suggestion?