
Internet access when UTM is down

Hi,

We are using RED device at our remote location that connects to our UTM Firewall which is located outside of offices at Datacenter.

At the moment RED device is configured to: Standard/Unified mode, which means that all traffic happening at the remote location is going through RED tunnel to our Firewall including internet traffic. When our UTM is down we do not have Internet access at our remote location.

I read some documentation and could see that RED can be placed to mode Standard/Split this would mean that just LAN traffic from remote location would go through RED tunnel to our Firewall and Internet traffic would go directly from RED device to outside.

To avoid losing Internet connection at our remote location when our UTM Firewall is down is it enough and sufficient to just place it in Standard/Split mode, or even then when UTM is down internet will not work.

Idea and plan is to have internet access available even when UTM is down. Behind that RED device we have a router from ISP.

Thanks !

Kind regards,
Goran

  • Hello,

    Thank you for reaching out to the community. In Standard/Split mode:

    Standard/Split mode is physically similar to Standard/Unified mode. We expect that the remote network may be managed by the UTM, and UTM may provide DHCP to the remote LAN. Also, the RED is most likely the only device between the LAN and the internet. However, only traffic for selected networks is sent through the tunnel. All other traffic is sent directly out the local internet connection. The RED will masquerade outbound traffic to come from its public IP address. This minimizes bandwidth usage over the tunnel, and lightens the bandwidth requirements on the UTM, but it also reduces the manageability of the remote network substantially. Traffic to or from the internet cannot be filtered or protected from threats. Security can only be applied between the remote and local LANs.  

    In the event that the RED loses contact with the UTM, and the tunnel fails, the RED will fail closed. Remote LAN users will lose access to the internet as well as to the UTM LANs until the tunnel can reconnect.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience


  • RED's main purpose is to just provide a tunnel back from your remote location to your UTM location. Even if your UTM drops using Standard/Unified mode, your users will not get internet, as it's outlined in the RED guide.

    You might be better served using a UTM at your remote site and have it as an HA or something.

    Edit: and Vivek just copied and pasted it from the link I gave.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Hey Vivek and Amodin,

    Thank you for your replies.

    I did read that as well on KB, just wanted to confirm it.

    Guess I'll try to figure something out outside of RED device.

    Thanks !

    Kind regards,
    Goran.