
Site to Site RED tunnels

Hi,

I am deploying Sophos Firewalls + RED devices at a customer's site. The customer has P2P RF links and broadband connectivity, and the current setup looks something like the following:

15 locations: Broadband only - Deployed RED-60 devices

10 locations: Broadband + P2P RF links - Deployed XGS87 with RF as WAN and Broadband with VPN connection

5 locations: P2P RF links only - RF as WAN over XGS87

HO Location - 3 broadband and P2P RF link

Broadband - Defined as WAN Zone on all Firewalls

RF Link - Defined as WAN on the branch side, with the Gateway as the HO-side P2P RF IP address. On the HO side, P2P RF is defined as LAN, as no Gateway IP address is available for it.

Challenges:

1) Using P2P RF, the branches are able to reach the HO; however, we are not able to access the branches from the HO side over this link (understandably so)

2) Can we create site-to-site RED tunnels between the XGS87 and the HO Firewall? Some sites do not have broadband, hence the query

As per my understanding, if site-to-site RED tunnels (between Firewalls, no RED involved) are possible without an Internet connection, then that would resolve the entire issue. Please let me know if my hypothesis is right; if not, do suggest ways to overcome the challenges.



  • RED tunnels without internet access definitely work, we use them for some leased lines (although provisioning can be tricky if no deployment server is reachable).
    For links between SG or XG devices I'd go for standard S2S tunnels (preferably IPSEC, but SSL is possible) without the RED emulation.

  • I would rather use RED instead, simply because RED offers an interface and can support route-based VPN.
