Thread Info
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RED vs IPSec (XGS)

Vinícius Oliveira

[POST DE DEBATE SOBRE O ASSUNTO]

Opa pessoal!

Em minha infraestrutura eu tenho o escritório na matriz (XGS 3100) conectado a outros quatro escritórios filiais (XGS 136) por Tunel RED, utilizando a configuração RED Server no escritório matriz e RED Client nos quatro escritórios filiais. Todos os firewalls se comunicam e os quatro escritórios filiais utilizam recursos hospedados no escritório da matriz. Cada firewall possui um ISP diferente.

A estrutura está descrita de modo simplificado, a baixo.

Ocorre que recentemente meu chefe questionou o uso da tecnologia RED, ressaltou que utilizamos esta forma de conexão desde a implantação dos firewalls, que possuem outras tecnologias disponíveis e melhores.

Em uma conversa informal, alguns conhecidos defendem imensuravelmente o uso de VPN com suporte a SD-WAN para conexão entre seus firewalls.

Particularmente, vejo algumas pontos de melhoria na tecnologia RED, conheço a tecnologia desde a versão SFOS 16 e sinto a falta de atualizações que deixem o serviço RED mais simplificado para manipulação do tráfego. A escolha do gateway de saída a partir do RED Server por exemplo.

  • O que acham da tecnologia?
  • Possuem dentro do ambiente?
  • Alguma indicação de upgrade de tecnologia?
  • A VPN IPSec realmente é melhor que o tunel RED?
  • Existem outras maneiras mais eficazes e atuais de estabelecer, de forma segura, a comunicação entre escritórios e filiais?

------------------------------------------------------------------------------

Hey guys!

In my infrastructure, I have the head office (XGS 3100) connected to four other branch offices (XGS 136) via RED Tunnel, using the RED Server configuration at the head office and RED Client at the four branch offices. All firewalls communicate with each other and the four branch offices use resources hosted at the head office. Each firewall has a different ISP.

The structure is described in a simplified manner below.

It turns out that recently my boss questioned the use of RED technology, pointing out that we have been using this form of connection since the firewalls were installed, that there are other and better technologies available.

In an informal conversation, some acquaintances strongly advocate the use of VPN with SD-WAN support for connection between their firewalls.

Personally, I see some points for improvement in RED technology, I have known the technology since version SFOS 16 and I miss the updates that make the RED service simpler for handling traffic. Choosing the exit gateway from the RED Server, for example.

  • What do you think of the technology?
  • Do you have it in your environment?
  • Any suggestions for upgrading the technology?
  • Is the IPSec VPN really better than the RED tunnel?
  • Are there other, more effective and current ways to securely establish communication between offices and branches?


This thread was automatically locked due to age.
  • 0

    RED site to site is in general the same as a XFRM Route Based VPN. You can use the same techs for it (SD-WAN etc.). 

    VPN is just "faster" than RED, as it uses the NPU of XGS and it has a more streamlined approach. 

    __________________________________________________________________________________________________________________

    • 0

      Hello  ,

      I may recommend you get in touch with your local Sophos Sales Engineer or Sophos Partner for this discussion. I believe they can be of further assistance to your concerns about your setup and requirements. 

      Hope you have a nice day, and thank you for choosing Sophos. 

      Regards,

      Raphael Alganes
      Community Support Engineer | Sophos Technical Support
      Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
      If a post solves your question use the 'Verify Answer' link.

      Unfiltered HTML