
Add a RED interface

You must specify a branch name, a RED type, and network settings. For RED hardware models, you also specify a configuration.

Introduction

You can create two types of RED interfaces. The configuration steps vary depending on the type of interface you create.

  • RED hardware model: Dedicated RED hardware without a user interface.
  • Firewall RED: The firewall acts as a RED in a client-server configuration. It needs network settings only.

Add an interface for a RED hardware model

Do as follows to add an interface for a RED hardware model:

  1. Go to Network > Interfaces, click Add interface, and select Add RED.
  2. Enter a branch name.
  3. Select the type of RED interface from the list.
  4. Specify the RED settings.

    Setting: Description
    RED ID: RED identification number. You can find the ID on the back of the device and on the product packaging.
    Tunnel ID: Tunnel identifier. Ensure that the ID is the same for the RED and the firewall.
    Unlock code: A code that allows the provisioning servers to accept a new configuration for a RED.
    Firewall IP/hostname: Public IP address or hostname of the firewall.
    2nd firewall IP/hostname: Alternate public IP address or hostname of the firewall.
    Use 2nd IP/hostname for: The way in which the second IP address or hostname is to be used. Choose from the following:
      • Failover: The secondary host automatically takes over when the primary fails.
      • Load balancing: Distribute traffic equally between the primary and the secondary hosts. Select this option if the uplinks that the first and second hostnames correspond to are equal in latency and throughput.
    Device deployment: Method by which the remote RED device is configured. Choose from the following:
      • Automatically via provisioning service: Sophos Firewall provisions the remote RED appliance automatically through the RED provisioning server.
      • Manually via USB stick: Use this option to provision a RED appliance located in a private network. Do as follows:
        1. Go to Network > Interfaces.
        2. Click Menu and click Download provisioning file.
        3. Copy the file to the root directory of a USB device, and insert it into the remote RED appliance.
  5. Specify the uplink settings.

    Setting: Description
    Uplink connection: Method by which the WAN connection on the RED obtains an IP address. Choose from the following:
      • DHCP: Assign the address dynamically. We recommend you use this method. If you're setting up the RED using the provisioning service, the RED must connect to a DHCP network at least once to download the configuration.
      • Static: Provide a static IP address. Use this option only if DHCP is not supported.
    2nd uplink connection: Choose a method for the second RED uplink.
    2nd uplink mode: Choose from the following:
      • Failover: The secondary uplink automatically takes over when the primary fails.
      • Load balancing: Distribute traffic equally between the primary and secondary uplink. Select this option if both uplinks are equal in latency and throughput.
    3G/UMTS failover: Use a mobile network in case of a WAN failure. Obtain the settings from your service provider. 3G/UMTS failover requires a USB dongle.

    Note

    3G/UMTS failover isn't available if you set RED operation mode to Transparent/Split.

    The RED firmware 2.0.018 doesn't support the D-Link DWM-222 USB adapter.

  6. Specify the RED network settings.

    Setting: Description
    RED operation mode: Method by which the remote network behind the RED is to be integrated into your local network. Split networks don't support FQDN hosts. For more information, see RED operation modes.
    RED IP: IP address of the RED.
    Zone: Zone assigned to the interface.
    Configure DHCP: Allow the RED to provide DHCP to devices.
    RED DHCP range: DHCP range for devices behind the RED.
    Split network: Traffic to the networks listed is redirected to the firewall. The remaining traffic is routed directly to the internet.
    MAC filtering type: Type of MAC filtering. Choose from the following:
      • Whitelist: Allow only addresses on the list.
      • Blacklist: Block addresses on the list.
      Check your device specifications for the maximum number of MAC addresses allowed.
    Tunnel compression: Compress tunnel traffic. Data compression can increase the throughput of RED traffic in regions with slow internet connections.
    MTU: Maximum Transmission Unit (MTU) value, in bytes. It's the largest packet size that a network can transmit. Packets larger than the specified value are divided into smaller packets before they are sent.
  7. Specify Switch settings.

    RED 50 and SD-RED 60 devices support VLANs.

    For more information, see RED LAN modes.

  8. Specify PoE settings. You can turn on Power over Ethernet for one or both PoE ports of SD-RED 60.

  9. Click Save.
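
A pre-deployment check for the RED network settings above, as an added example that is not part of the Sophos documentation or product: it verifies that a planned RED DHCP range sits inside the RED subnet, and reports which networks a split network list would leave routed directly to the internet instead of through the firewall. The function names, the netmask parameter and all addresses are assumptions constructed for illustration (IPv4 only).

```python
import ipaddress

def check_dhcp_range(red_ip, netmask, dhcp_start, dhcp_end):
    """Return a list of problems with a planned RED DHCP range (empty if none)."""
    iface = ipaddress.ip_interface(f"{red_ip}/{netmask}")
    net = iface.network
    start = ipaddress.ip_address(dhcp_start)
    end = ipaddress.ip_address(dhcp_end)
    problems = []
    if start > end:
        problems.append("range start is after range end")
    for name, addr in (("start", start), ("end", end)):
        if addr not in net:
            problems.append(f"range {name} {addr} is outside {net}")
    if start <= iface.ip <= end:
        problems.append(f"RED IP {iface.ip} falls inside the DHCP range")
    return problems

def uncovered_networks(split_networks, must_tunnel):
    """Return the parts of must_tunnel that the split network list misses.

    In split mode only the listed networks are redirected to the firewall;
    anything returned here would go directly to the internet.
    """
    listed = [ipaddress.ip_network(n) for n in split_networks]
    missing = []
    for want in map(ipaddress.ip_network, must_tunnel):
        remaining = [want]
        for cover in listed:
            kept = []
            for piece in remaining:
                if piece.subnet_of(cover):
                    continue                                   # fully covered
                if cover.subnet_of(piece):
                    kept.extend(piece.address_exclude(cover))  # partly covered
                else:
                    kept.append(piece)                         # no overlap
            remaining = kept
        missing.extend(remaining)
    return sorted(missing)

# Constructed sample plan, not taken from any real deployment.
if __name__ == "__main__":
    print(check_dhcp_range("10.10.0.1", "255.255.255.0", "10.10.0.1", "10.10.1.5"))
    print(uncovered_networks(["192.168.0.0/24", "10.0.0.0/8"],
                             ["10.1.2.0/24", "192.168.0.0/23", "172.16.5.0/24"]))
```
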

Add an interface for a firewall RED

Do as follows to configure a RED interface for a RED tunnel between two Sophos Firewall devices or Sophos Firewall and Sophos UTM.

  1. Go to Network > Interfaces, click Add interface, and select Add.
  2. Enter a branch name.
  3. Select a type and specify the RED settings.

    • Firewall RED Server: Connects to a UTM using 9.700 or later.
    • Firewall RED Client: Connects to a UTM using 9.700 or later.
    • Firewall RED Server Legacy: Connects to a UTM using versions earlier than 9.700.
    • Firewall RED Client Legacy: Connects to a UTM using versions earlier than 9.700.

    Setting: Description
    Tunnel ID: Tunnel identifier.
    Firewall IP/hostname: Public IP address or hostname of the firewall.
    Provisioning file: File containing the configuration data to be provided to the client firewall.
  4. Specify the RED network settings.

    Setting: Description
    RED IP: IP address of the RED.
    RED netmask: Subnet mask of the RED IP address.
    Zone: Zone assigned to the interface.
    Tunnel compression: Compress tunnel traffic. Data compression can increase the throughput of RED traffic in regions with slow internet connections.
    MTU: Maximum Transmission Unit (MTU) value, in bytes. It's the largest packet size that a network can transmit. Packets larger than the specified value are divided into smaller packets before they are sent.
  5. Click Save.
