Add a RED interface

You must specify a branch name, a RED type, and network settings. For RED hardware models you also specify a configuration.

Introduction

You can create two types of RED interfaces. The type determines the configuration steps to take.
  • RED hardware model: Dedicated RED hardware without a user interface.
  • Firewall RED: A firewall playing a RED role in a client-server configuration. It needs network settings only.

Add an interface for a RED hardware model

Learn how to configure RED hardware models.

  1. Go to Network > Interfaces, click Add interface, and select Add.
  2. Enter a branch name.
  3. Select a type and specify the RED settings.
    • RED 15
    • RED 15w
    • SD-RED 20
    • RED 50
    • SD-RED 60

    RED ID: RED identification number. You can find the ID on the back of the device and on the product packaging.

    Tunnel ID: Tunnel identifier. Ensure that the ID is the same for the RED and the firewall.

    Unlock code: A code that allows the provisioning servers to accept a new configuration for a RED.

    Firewall IP/hostname: Public IP address or hostname of the firewall.

    2nd firewall IP/hostname: Alternate public IP address or hostname of the firewall.

    Use 2nd IP/hostname for: The way in which the second IP address or hostname is to be used. Choose from the following:
      • Failover: The secondary host automatically takes over when the primary fails.
      • Load balancing: Distribute traffic equally between the primary and the secondary hosts. Select this option if the uplinks that the first and second hostnames correspond to are equal in latency and throughput.

    Device deployment: Method by which the remote RED device is configured. Choose from the following:
      • Automatically via provisioning service: XG Firewall provisions the remote RED appliance automatically through the RED provisioning server.
      • Manually via USB stick: Use this to provision a RED appliance located in a private network. Do as follows:
        1. Go to Network > Interfaces.
        2. Click the Edit interface button and click Download provisioning file.
        3. Copy the file to the root directory of a USB device, and insert it into the remote RED appliance.
  4. Specify uplink settings.
    Uplink connection: Method by which the WAN connection on the RED obtains an IP address. Choose from the following:
      • DHCP: Assign the address dynamically. Using this method is recommended. If you are deploying using the provisioning service, the RED must connect to a DHCP network at least once to download the configuration.
      • Static: Provide a static IP address. Use this option only if DHCP is not supported.

    2nd uplink connection: Choose a method for the second RED uplink.

    2nd uplink mode: Choose from the following:
      • Failover: The secondary uplink automatically takes over when the primary fails.
      • Load balancing: Distribute traffic equally between the primary and the secondary uplink. Select this option if both uplinks are equal in latency and throughput.

    3G/UMTS failover: Use a mobile network in case of a WAN failure. Obtain the settings from your service provider. 3G/UMTS failover requires a USB dongle.
      Note: The RED firmware 2.0.018 doesn't support the D-Link DWM-222 USB adapter.
  5. Specify the RED network settings.
    RED operation mode: Method by which the remote network behind the RED is to be integrated into your local network. Split networks don't support FQDN hosts. Find more information in RED operation modes.

    RED IP: IP address of the RED.

    Zone: Zone assigned to the interface.

    Configure DHCP: Allow the RED to provide DHCP to devices.

    RED DHCP range: DHCP range for devices behind the RED.

    Split network: Traffic to the networks listed is redirected to the firewall. The remaining traffic is routed directly to the internet.

    MAC filtering type: Type of MAC filtering. Choose from the following:
      • Whitelist: Allow only addresses on the list.
      • Blacklist: Block addresses on the list.
      Check your device specifications for the maximum number of MAC addresses allowed.

    Tunnel compression: Compress tunnel traffic. Data compression can increase the throughput of RED traffic in regions with slow internet connections.

    MTU: MTU (Maximum Transmission Unit) value, in bytes. It's the largest packet size that a network can transmit. Packets larger than the specified value are divided into smaller packets before they are sent.
  6. Specify Switch settings.

    RED 50 and SD-RED 60 devices support VLANs.

    For more information, see RED LAN modes.
  7. Specify PoE settings.
    You can turn on Power over Ethernet for one or both PoE ports of SD-RED 60.
  8. Click Save.
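
A pre-deployment check for the RED network settings from step 5, added here as an example; it is not Sophos code and does not talk to the firewall. The plan dictionary, its key names, the prefix length on the RED IP, and the colon-separated MAC notation are assumptions made for this example.

```python
import ipaddress
import re

# Assumed MAC notation for this example: six colon-separated hex octets.
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")

def check_red_plan(plan):
    """Return a list of problems in a planned RED network configuration."""
    problems = []
    # "red_ip" carries a prefix length (assumption) so the subnet is known.
    red_if = ipaddress.ip_interface(plan["red_ip"])
    if plan.get("configure_dhcp"):
        start, end = (ipaddress.ip_address(a) for a in plan["dhcp_range"])
        if start not in red_if.network or end not in red_if.network:
            problems.append("DHCP range is outside the RED subnet")
        if start <= red_if.ip <= end:
            problems.append("DHCP range contains the RED IP")
    for entry in plan.get("split_networks", []):
        try:  # FQDN hosts are not supported in split networks
            ipaddress.ip_network(entry)
        except ValueError:
            problems.append(f"split network is not an IP network: {entry}")
    if plan.get("mac_filter_type") not in (None, "whitelist", "blacklist"):
        problems.append("unknown MAC filtering type")
    for mac in plan.get("mac_list", []):
        if not MAC_RE.match(mac):
            problems.append(f"malformed MAC address: {mac}")
    return problems

def split_route(plan, destination):
    """Split-network rule: listed networks go to the firewall, the rest
    goes directly to the internet. Call only on a plan that passed checks."""
    dst = ipaddress.ip_address(destination)
    if any(dst in ipaddress.ip_network(n) for n in plan["split_networks"]):
        return "firewall"
    return "internet"

# Constructed sample plans (all keys and values are hypothetical).
GOOD_PLAN = {"red_ip": "10.20.30.1/24", "configure_dhcp": True,
             "dhcp_range": ("10.20.30.100", "10.20.30.200"),
             "split_networks": ["192.168.10.0/24", "172.16.0.0/16"],
             "mac_filter_type": "whitelist", "mac_list": ["00:1a:2b:3c:4d:5e"]}
BAD_PLAN = dict(GOOD_PLAN, dhcp_range=("10.20.30.1", "10.20.31.50"),
                split_networks=["192.168.10.0/24", "fileserver.branch.example"],
                mac_list=["00:1a:2b:3c:4d:5e", "001a.2b3c.4d5e"])

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_red_plan(plan) or "no problems found")
```
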

Add an interface for a firewall RED

Learn how to configure a RED interface for a RED tunnel between two XG Firewall devices, or between XG Firewall and Sophos UTM.

  1. Go to Network > Interfaces, click Add interface, and select Add.
  2. Enter a branch name.
  3. Select a type and specify the RED settings.
    • Firewall RED Server: Connects to a UTM using 9.700 or later.
    • Firewall RED Client: Connects to a UTM using 9.700 or later.
    • Firewall RED Server Legacy: Connects to a UTM using versions earlier than 9.700.
    • Firewall RED Client Legacy: Connects to a UTM using versions earlier than 9.700.

    Tunnel ID: Tunnel identifier.

    Firewall IP/hostname: Public IP address or hostname of the firewall.

    Provisioning file: File containing the configuration data to be provided to the client firewall.
  4. Specify the RED network settings.
    RED IP: IP address of the RED.

    RED netmask: Subnet mask of the RED IP address.

    Zone: Zone assigned to the interface.

    Tunnel compression: Compress tunnel traffic. Data compression can increase the throughput of RED traffic in regions with slow internet connections.

    MTU: MTU (Maximum Transmission Unit) value, in bytes. It's the largest packet size that a network can transmit. Packets larger than the specified value are divided into smaller packets before they are sent.
  5. Click Save.