Remote Ethernet Device (RED) Red Listener - Restrict IP

UTM Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 5 replies
Subscribers 2 subscribers
Views 2979 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Red Listener - Restrict IP

n8xja over 9 years ago

Is it possible, officially or unofficially, to restrict the hosts that the RED service on the UTM will allow connections from?

This thread was automatically locked due to age.

Parents

0 BAlfson over 9 years ago

Is this the reason for your other post - someone has gotten a copy of a RED Tunnel config file and is connecting to your UTM?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 utmadm over 9 years ago in reply to BAlfson

I had the same (or similar) question, and here is my scenario:

* The RED 10 is in a remote branch office location with less-than-perfect power and networking reliability.

* The RED 10 is behind (private side of) a standard NAT/router. The NAT/router has a known public IP address.

A recent power outage and network failure lasted several days, and the RED 10 did not reconnect within the (default) 60 minute time period for Automatic Device Deauthorization, so the RED 10 was disabled until I manually reactivated it. Because power and networking are not reliable in this remote office, we are wondering whether Automatic Device Deauthorization makes sense. At the same time, we want to prevent the RED 10 from unauthorized use in case of theft, etc.

OBJECTIVE:
Configure the RED 10 so that it is allowed to connect only from behind a NAT/router with a designated public IP address. If the public address is anything else, the RED 10 should be disabled (or blocked).

Is there an easy way to do this from the WebAdmin interface?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 utmadm over 9 years ago in reply to BAlfson

I had the same (or similar) question, and here is my scenario:

* The RED 10 is in a remote branch office location with less-than-perfect power and networking reliability.

* The RED 10 is behind (private side of) a standard NAT/router. The NAT/router has a known public IP address.

A recent power outage and network failure lasted several days, and the RED 10 did not reconnect within the (default) 60 minute time period for Automatic Device Deauthorization, so the RED 10 was disabled until I manually reactivated it. Because power and networking are not reliable in this remote office, we are wondering whether Automatic Device Deauthorization makes sense. At the same time, we want to prevent the RED 10 from unauthorized use in case of theft, etc.

OBJECTIVE:
Configure the RED 10 so that it is allowed to connect only from behind a NAT/router with a designated public IP address. If the public address is anything else, the RED 10 should be disabled (or blocked).

Is there an easy way to do this from the WebAdmin interface?
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data