RED

A Remote Ethernet Device (RED) provides a secure tunnel between a remote site and XG Firewall.

REDs connect remote branch offices to your main offices as if the branch office is part of your local network. Using RED interfaces, you can configure and install RED appliances or create a site-to-site RED tunnel between two XG Firewall devices in a client-server configuration.

The RED provisioning service supports RED deployment and provides security options, such as enforcing TLS 1.2. We maintain the RED provisioning servers (example: red.astaro.com). You only need to fill the RED configuration details to register with the provisioning server.

  1. RED configuration: To allow XG Firewall to offer RED services, you must register it with the RED provisioning server. To register XG Firewall, do as follows:
    1. Turn on RED status.
    2. Specify the Organization name, City, Country, and Email.
      Note Do not enter umlaut characters (example: Köln) or special characters for the organization name and city. XG Firewall uses these details to generate a certificate for secure RED communication.
    1. Accept the license agreement.
    2. Click Apply.

      You can now see the other RED settings on the page.

  2. Optional Force TLS 1.2: To force REDs to use only TLS 1.2, turn on Force TLS 1.2 and click Apply.
    Note We recommend using TLS 1.2 for enhanced security.
  3. Optional Automatic device deauthorization: To automatically remove RED appliances' authorization when they remain disconnected from XG Firewall for the specified time, do as follows:
    1. Turn on Automatic device deauthorization.
    2. Specify a time.
    3. Click Apply.
      Tip We recommend that you turn on this option to prevent an unauthorized RED appliance or Firewall RED Client from connecting to XG Firewall.

      To authorize a deauthorized RED appliance, go to Network > Interfaces. For the RED device you want to authorize, click the edit interface button Edit interface on the right, and turn on the interface.

      Here's an example of how to turn on a deauthorized RED appliance:


      Turning on deauthorized RED
  4. Optional RED unified firmware: RED unified firmware offers the latest features. Some RED devices (example: RED 50) support both legacy firmware and unified firmware. To make sure such devices only use unified firmware, select RED unified firmware.

    To update the RED firmware, go to Backup and firmware > Pattern updates, and install the RED firmware. RED firmware updates aren't installed automatically. This allows you to schedule downtime.