RED models
Interfaces for RED models specify device configuration and network settings.
RED
- Branch name
- Branch office where the RED is located.
- Type
- RED model.
- ID
- RED identification number. You can find the ID on the back of the device and on the product packaging.
- Tunnel ID
- Tunnel identifier. Ensure that the ID is the same for the RED and the firewall.
- Unlock code
- Code that allows the provisioning servers to accept a new configuration for a RED.
If you are configuring the RED for the first time, leave the unlock code blank. If the device has been set up previously on another Sophos firewall, type the unlock code.
The unlock code is sent to the email address that you provided when you turned on the RED provisioning service.
Important: Retain the unlock code. You will need the code if you want to deploy the RED on another firewall. Separate unlock codes are generated for each deployment method. For subsequent deployments, make sure that you use the corresponding unlock code. If you cannot find the unlock code, contact Sophos Support.
- Firewall IP/hostname
- Public IP address or hostname of the firewall.
- 2nd firewall IP/hostname
- Alternate public IP address or hostname of the firewall.
- Use 2nd IP/hostname for
- The way in which the second IP address or hostname is to be used. Choose from the following:
- Failover The secondary host automatically takes over when the primary fails.
- Load balancing Distribute traffic equally between the primary and the secondary hosts. Select this option if the uplinks that the first and second hostnames correspond to are equal in latency and throughput.
- Device deployment
- Method by which the device is configured and deployed. Choose from the following:
- Automatically via provisioning service
- Manually via USB stick
Uplink settings
Define the uplink connection type and failover modes.
- Uplink connection
- Method by which the WAN connection on the RED obtains an IP address. Choose from the following:
- DHCP Assign the address dynamically. Using this method is recommended. If you are deploying using the provisioning service, the RED must connect to a DHCP network at least once to download the configuration.
- Static Provide a static IP address. Use this option only if DHCP is not supported.
- 3G/UMTS failover
- Use a mobile network in case of a WAN failure. Obtain the settings from your service provider. 3G/UMTS failover requires a USB dongle.
RED network settings
- RED operation mode
- Method by which the remote network behind the RED is to be integrated into your local network.
Note: Split networks don't support FQDN hosts.
Choose from the following:
- Standard/Unified
The firewall fully manages the remote network through the RED. It acts as DHCP server and as default gateway.
Note: Handle VLAN traffic through the Standard/Unified mode if VLAN is deployed behind the RED.
- Standard/Split
The firewall manages the remote network and acts as DHCP server. Only traffic targeted to split networks is redirected to your local firewall. All traffic not targeted to the split networks is directly routed to the internet.
Note: This mode is not compatible with VLAN tagged frames.
- Transparent/Split
The firewall does not manage the remote network. It is connected to the remote LAN and the remote LAN's gateway and receives an address on the remote LAN through DHCP. Only traffic destined for certain networks is sent down the tunnel. In this case, the RED does not act as the gateway, but it is in-line with the gateway and can transparently redirect packets down the tunnel.
Note: This mode is not compatible with VLAN tagged frames.
- RED IP
- IP address of the RED.
- Zone
- Zone assigned to the interface.
- Configure DHCP
- Allow the RED to provide DHCP to devices.
- RED DHCP range
- DHCP range for devices behind the RED.
- Split network
- Traffic to the networks listed is redirected to the firewall. The remaining traffic is routed directly to the internet.
- MAC filtering type
- Type of MAC filtering. Choose from the following:
- Whitelist Allow only addresses on the list.
- Blacklist Block addresses on the list.
Check your device specifications for the maximum number of MAC addresses allowed.
- Tunnel compression
- Compress tunnel traffic. Data compression can increase the throughput of RED traffic in regions with slow internet connections.
Switch settings
Configure LAN ports as simple switches or for VLAN usage.
RED 50 and SD-RED 60 devices support VLANs.
- Switchport mode
- Choose from the following:
- Switch Send traffic to all ports.
- VLAN Filter traffic according to the Ethernet frames’ VLAN tag. This option allows you to tunnel more than one network into the RED tunnel.
PoE settings
You can turn on Power over Ethernet for one or both PoE ports of RED 60.
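The compatibility notes on this page (split modes and VLAN tagged frames, FQDN hosts in split networks, DHCP for provisioning, the USB dongle for 3G/UMTS failover, matching tunnel IDs) can be checked against a planned configuration before deployment. The following Python check is an added example, not Sophos code; the dictionary keys, the `lint_red_config` function and the sample values are assumptions made for illustration.

```python
import ipaddress

# Field names are hypothetical (a planning worksheet), not a Sophos API or export format.
SPLIT_MODES = {"Standard/Split", "Transparent/Split"}
VLAN_MODELS = {"RED 50", "SD-RED 60"}  # models this page lists as supporting VLANs


def lint_red_config(cfg):
    """Return findings where planned settings contradict the notes on this page."""
    findings = []
    mode = cfg.get("operation_mode")
    vlan = cfg.get("switchport_mode") == "VLAN"
    if vlan and cfg.get("model") not in VLAN_MODELS:
        findings.append("vlan-model: model is not listed as supporting VLANs")
    if vlan and mode in SPLIT_MODES:
        findings.append("vlan-split: split modes are not compatible with VLAN tagged frames")
    if mode in SPLIT_MODES:
        nets = cfg.get("split_networks", [])
        if not nets:
            findings.append("split-empty: no split networks, nothing is redirected to the firewall")
        for entry in nets:
            try:
                ipaddress.ip_network(entry, strict=False)
            except ValueError:  # e.g. an FQDN, which split networks don't support
                findings.append(f"split-fqdn: {entry!r} is not an IP network or host")
    if cfg.get("deployment") == "provisioning" and cfg.get("uplink") == "Static":
        findings.append("provisioning-dhcp: RED must reach a DHCP network once to get its configuration")
    if cfg.get("umts_failover") and not cfg.get("usb_dongle"):
        findings.append("umts-dongle: 3G/UMTS failover requires a USB dongle")
    if cfg.get("second_host_use") and not cfg.get("second_host"):
        findings.append("second-host: failover/load balancing selected without a 2nd IP/hostname")
    if cfg.get("tunnel_id") != cfg.get("firewall_tunnel_id"):
        findings.append("tunnel-id: tunnel ID differs between the RED and the firewall")
    return findings


# Constructed sample plan; every value is invented for illustration.
SAMPLE = {
    "model": "EXAMPLE-MODEL", "operation_mode": "Standard/Split", "switchport_mode": "VLAN",
    "split_networks": ["10.10.0.0/16", "intranet.example.com"],
    "deployment": "provisioning", "uplink": "Static",
    "umts_failover": True, "usb_dongle": False, "second_host_use": "Failover", "second_host": "",
    "tunnel_id": 3, "firewall_tunnel_id": 3,
}

if __name__ == "__main__":
    print("\n".join(lint_red_config(SAMPLE)))
```

In the split modes, everything outside the listed split networks goes directly to the internet and does not pass through the firewall, so the `split-empty` and `split-fqdn` findings mark plans where less traffic reaches the firewall than intended.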