Recently I purchased a RED20 to connect our branch office to HQ. The HQ has a Sophos XG firewall (XG310) which is all up to date.
When I try to connect the RED20 from the brach office to HQ no connection is being made.
What happens is this:
when booting the RED20 the system light starts blinking green and after a few seconds it's steady green and the router light starts blinking green.
After 70 seconds the router light dies and the system light turns red. This sequence keeps repeating itself.
The RED20 is connected directly to router and it should get an IP address from it.
On the XG I added a RED interface but it doesn't show any signs of connectivity with the RED20 (offline)
Does somebody have any clue why this isn't working?
Thank you for contacting the Sophos Community.
Usually, that combination of lights might mean that the Default Gateway is unreachable.
If possible as a test I would recommend you to remove…
If possible as a test I would recommend you to remove the Router where the RED is connecting and connect the RED directly to the internet line.
Or if the router in front of the RED allows assigning a Static IP to the RED, try setting a static IP to the RED.
You can also confirm if you see traffic arriving at the XG, by using the Public IP of the remote site as a host in the tcpdump.
tcpdump -eni any host 18.104.22.168
Thanks for your reply.
Unfortunately it isn't possible to connect the RED directly to the internet. But in the router I see the RED gets an IP-address assigned to it (DHCP client list).
If I replace the RED with a laptop it gets also an IP-address, gateway-address and dns-server-addresses assigned to it.
Tommorrow I will be on the remote location again and give the tcpdump a try.
You also mentioned assigning a static IP-address to the RED. Can you tell me how that's be done?
Thanks for your reply, that is a great way of checking.
It's seems the connection from my network to red.astaro.com:3400 is okay. I don't see anything else in the router that might block outgoing traffic.
Do you have any other suggestions?
I just checked the documentation:
SD-RED 20 & SD-RED 60 uses TCP 3400 + UDP 3410
You cannot check UDP with tnc by the way.
Is this the first RED connecting to your XG?
"RED is connecting to red.astaro.com to get the config via port 3400. Then will connect to the XG hostname via 3400 and 3410."
But from your description the RED internet LED will not light up, correct? So it cannot access Sophos Cloud.
Yes, you're absolutely right. This is our first RED device.
Also the Internet light does not light up. It reaches the third stage of the booting codes (Device is connecting to default gateway/router) and after that the system light turns red (DHCP or static address settings failed, defaulte gateway not reachable)
If possible, I would move the RED to a different location and test from there.
Also if your NAT device allows some type of diagnostics tools, or TCPdump, I would see if it sees any traffic coming from the RED device.
I have moved the RED to a different location but the results are the same. My NAT device is unfortunately a very basic device with almost no diagnostic tools on board.
I've send you two zip-files (through private message). One is the tcpdump file, made from de XG console. The other one is a putty log from the RED20.
Perhaps you'll find some clues in it.
This would'nt be the first RED that has been shipped with faulty firmware unable to connect.
It is always connecting to Sophos Servers first to look for new configurations you made for it before connecting to your XG firewall.
So if connecting to Sophos = Internet is not working, you may have a bricked box there.
Don't know if you can re-image a RED or if this needs to be done by RMA. Perhaps emmosophos can write a line about that?
Yeah, I agree, that could be the case.
It should all be straight forward.
If nothing else will do, I'm gonna give the USB-stick option a try.
Thanks for your replies, I really appreciate it.
Thank you for the PM, I have requested some more information from you.
For the RED devices, it needs to be RMA.
Thanks for the soultion.
A DNAT rule was misconfigured.
The traffic was hitting NAT ID rule number 32, uponc checking your NAT rule it seems your rule has the Service as ANY, which is causing this issue
DNAT rule was narrowed down to the port specific being used to access the WRDSGW server.
Basically what is happening is that the XG is caching all the traffic in any incoming port and passing it down to the WRDSGW server.
Good you have it working now.
But what is WRDSGW?
And where is that NAT rule configured?