
Does a RED in Standard/Split block any traffic at the remote office that's destined to or from the internet?

I have a client using a SG115 at the main office and a RED10 at their remote office. The remote office used to have a home router that managed the LAN. We replaced it with the RED10. The RED10 is configured in Standard/Split and internet browsing and split network traffic is working. This is set up as cable modem>RED10>Unmanaged Switch. However, their remote office has a security system that connects to the internet via an ethernet cable plugged into the RED. The security company said their system no longer connects back to them over the internet connection since we replaced their router with the RED.

My question is, by default does the RED10 block any traffic/ports in or out that's destined for or originating from the internet? I know you have to add firewall rules to the UTM to allow traffic from the RED network to the UTM split network and vice versa, but I was under the impression that internet traffic was unfiltered and not managed by UTM firewall rules.



  • RED doesn't allow for forwarding inbound connections from the Internet, only for return traffic. If you don't want to put the home router in front of the RED, you will need to have the security company access via the main office and add a DNAT to the SG 115 sending the traffic through the RED tunnel to the device in the remote office.  Either that or go to Standard/Unified.

    Cheers - Bob

    PS My preferred solution where all traffic doesn't pass through the RED tunnel is an SG 105 with a Network Protection subscription. With two successive three-year subscriptions, the total cost is less than a RED 50 and it's more flexible and faster.

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Makes perfect sense. Thanks! Fortunately their system phones home and they don't connect in so I just needed to make sure the ports were open outbound. I determined they were by successfully telnetting to a server I set up to listen on the ports they requested. They ended up finding the problem on their end. This information will come in handy in the future though!
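The outbound check described in the last reply (a listener you control plus a connect attempt per port from the RED LAN), written up as an added example that is not part of the thread; the host and ports are assumptions you replace with the security company's actual requirements.

```python
import socket


def start_listener(host="127.0.0.1", port=0, backlog=5):
    """Start a TCP listener, the 'server I set up to listen' from the thread.

    Returns (socket, port). port=0 lets the OS pick a free port, which is
    handy for a local dry run before deploying this on an Internet host.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(backlog)
    return srv, srv.getsockname()[1]


def check_outbound_ports(host, ports, timeout=3.0):
    """Try a TCP connect to each port; True means the outbound path is open.

    A False result only says the connect failed (refused, filtered or timed
    out), which is why the target must be a listener you control: a closed
    port on someone else's server would look the same as a blocked one.
    """
    results = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[port] = True
        except OSError:
            results[port] = False
    return results


if __name__ == "__main__":
    # Constructed local dry run. In practice, run start_listener() on an
    # Internet-reachable host and check_outbound_ports() from behind the RED
    # against the ports the security company asked for (assumed values here).
    srv, port = start_listener()
    print(check_outbound_ports("127.0.0.1", [port]))
    srv.close()
```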