SD-RED load balancing and routing

Hello,

We have deployed a Sophos SD-RED 60 to our Office 4. This RED is currently connecting to Office 1. We have established an SSL VPN tunnel between Office 1 and Office 2, where Office 1 is acting as the server and pushing the networks deployed at Office 4 as local networks.
We are considering a second VPN tunnel between Office 4 and Office 2. We would use it for failover or, better, for load balancing. My question is about routing and about potential issues; I am afraid of loops.
Let's say Office 2 would like to access the network of Office 4. This network is reachable through the SSL VPN tunnel to Office 1 or directly to Office 4. Is the direct connection always preferred? What about packets going back to a connection initiated by Office 4?
In the future we plan to replace the firewall at Office 3 with an SD-RED as well, and this would connect to Office 1 and Office 2 for load balancing.



  • Hello,
    This doesn't fit your numerous questions, but I'm pretty sure that a RED can only ever be connected to one firewall.
    The 2nd firewall entry in the RED configuration is only for a possibly existing 2nd ISP connection on the firewall.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003

  • Yes, you should consider using an SFOS firewall instead of a RED for this use case.


  • So the 2nd firewall IP is there for the case where I would have two WAN connections on my base XG firewall, and not for connecting to another XG firewall, right?

    It would make sense to me coz I could then have two different configurations at every office and the RED would not be sure which one to take.
