A Remote Ethernet Device is a network appliance that provides a secure tunnel between a remote site and the firewall. The RED provisioning service supports RED deployment and provides security options.

  • To turn on the RED provisioning service, click the on/off switch, specify details, and click Apply.
  • To force REDs to use only TLS 1.2, enable Force TLS 1.2 and click Apply. TLS 1.2 is recommended for enhanced security.
    Note For devices to support TLS 1.2, a firmware upgrade may be necessary. Check your device specifications before enabling this option.
  • To automatically deauthorize REDs after they have been disconnected, enable Automatic device deauthorization, specify a time, and click Apply. When a RED attempts to reconnect after being deauthorized, it will be disabled. This option is recommended to prevent unauthorized devices from connecting to the firewall.
    Note This option does not apply to firewall REDs.
  • RED unified firmware offers the latest features. Some RED devices (example: RED 50) support both legacy firmware and unified firmware. To make sure such devices only use unified firmware, select RED unified firmware.

    To update the RED firmware, go to Backup & firmware > Pattern updates, and install the RED firmware. RED firmware updates aren't installed automatically. This allows you to schedule downtime.

    Note RED unified firmware is selected by default. If you've migrated XG Firewall to a different version, your existing RED setting is migrated. However, if you reset XG Firewall to factory configuration, RED unified firmware is selected.


If you receive the message “Registering with RED service failed”, check if you can reach the RED service through telnet. Type the following on the command line:

telnet 3400

If you can reach the service, the connection error may be due to high network load. In this case, try connecting again later.