Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 41 subscribers
  • Views 1114 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SD-RED load balancing and routing

Aleš Pospíchal

Hello,

We have deployed Sophos SD-RED 60 to our Office 4. This RED is currently connecting to Office 1. We have established SSL VPN tunnel between Office 1 and Office 2 where Office 1 is acting as server and pushing networks deployed at Office 4 as local networks.
We are considering second VPN tunnel between Office 4 and Office 2. We would use it for failover or better for load balancing. My question is about routing and to consult pottencional issues, I am afraid of loops.
Let's say Office 2 would like to access network of Office 4. This network is reachable through SSL VPN tunnel to Office 1 or directly to Office 4. Is direct connection always prefered? What about packets going back to connection initiated by Office 4?
In the future we plan to replace firewall at Office 3 to be SD-RED as well and this would connect to Office 1 and Office 2 for load balancing.



This thread was automatically locked due to age.
  • +1

    Hello,
    This doesn't fit your numerous questions, but I'm pretty sure that a RED can only ever be connected to one firewall.
    The 2nd firewall entry in the RED configuration is only for a possibly existing 2nd ISP connection on the firewall


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0 in reply to dirkkotte

    Yes, you should consider to use a SFOS firewall instead of a red for this use case. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    So the 2nd firewall IP is here for the case I would have two WAN connections on my base XG firewall and not for the connecting to other XG firewall, right?

    It would make sense to me coz I could then have two different configurations at every office and RED would not be sure which one to take.

  • 0 in reply to Aleš Pospíchal

    correct


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

Unfiltered HTML