ip address leak

Question

My employer sent me a RED20 so I can work from home. My laptop is plugged into the RED, which in turn is connected to my home network thru a switch that then connects to my router. 
 When I do a whatismyip check the laptop is reporting my public IP address of my provider, and not the IP ip address of my employers public IP. I have confirmed this on several IP test sites. 
 I am concerned that there may be some kind leak where some traffic is going thru the RED and she is bypassing the VPN and connecting directly to my local ISP. 
 Employer says the unit is configured properly and the same as all other WFH employees, and suggests it is something local to my network causing this. Either way I am concerned about backdoor access to my employers network. 
 
 Any thoughts on this? Thanks

Alan Brand · Answer

See here for detailed description of the RED device: Sophos UTM: RED (Remote Ethernet Device) technical training guide 
 Your employer probably did set the RED in split mode , so only traffic to the corporate network is tunneled, "normal internet traffic" (as whatismyip and similar sites) is sent directly to the internet (look at the yellow arrow in the diagram). This will normally speedup things, since this traffic does not have to be routed twice (at your internet, the tunnel and the corporate internet). 
 If you're concerned about privacy issues ask your admin to change this to unified mode . In this mode every traffic is routed to the company's firewall and internet line and thus will originate from the corporate IP. However, depending on the bandwidth of the involved lines, this may slow down traffic.

ip address leak

Top Replies