RED Interface Question

At our main site we have two Sophos XGS3100 in a highly available (active/passive) configuration.

At a second site we have a single Sophos XGS 2100.

On our Sophos XGS3100 we have a RED interface for a Sophos SD RED60 at a third site in a Standard/Unified operating mode.

In the settings for a RED interface there is the option to specify a '2nd firewall IP/hostname'. Is it possible to use this setting so that the RED device fails over to a separate Sophos Firewall?

If it is not possible to use this setting to fail over to a separate Sophos Firewall, in the event of internet connectivity loss to the Sophos Firewall where the RED device is 'homed', how do we repoint the RED device to a different Sophos Firewall?

Thanks,

Mark



This thread was automatically locked due to age.
  • Hi,

    Thank you for contacting Sophos Community!

    Unfortunately, we cannot have failover configured through the different hardware. The failover is only provided in case of the firewall gateway reachability. 

    One must manually reconfigure the RED to other hardware if that is required.

    Mayur Makvana
    Technical Account Manager | Global Customer Experience


  • Yes, the RED would not work on the 2nd firewall because both use different, individual RED-Controller configurations including certificates.

    You can let the RED connect to the other firewall (XGS2100), but then you would need to route/NAT the RED traffic from there over to the XGS3100.

    That wouldn't make much sense because the XGS3100 needs internet anyway to IPsec to the 2100.
