RED configured on multiple UTMs

Hello Community,

I have 2 sites that each have a pair of UTMs. One is our main site, the other is DR. We will use BGP to swing the external IPs, but I need to get the configuration and remote networks for my RED devices on the DR firewall.

Can I do this via export/import, and disable the devices on the DR UTM? What are my options here, other than manually adding the REDs to the DR firewall in the event of a disaster?

Thanks,

James



  • Hello James,

    I think there is no supported way to import the RED at your DR site.

    I am afraid RED is not the right approach to fit your availability demand.

    My approach would be to replace the RED with Sophos XG85 (nearly the same price and throughput as RED, rackmount kit available, better visibility).

    For the XG85 you only need the free base license (and enhanced support) because IPsec VPN is included in the base license.

    On both of the central sites you save the network protection license (if you don't use IPS and RED is the only used feature of that license).

    It would be easy to configure IPsec VPN on both central site UTM pairs and then have a BGP failover.

    You'll need to bind the tunnel to the BGP WAN interface to make sure that the passive location does not try to connect, or set your central site to "Respond Only".

    Yours Lukas

    lna@cema

    SCA (utm+xg), SCSE, SCT

    Sophos Platinum Partner
