Skip to content

Add a RED interface

You must specify a branch name, a RED type, and network settings. For RED hardware models, you also specify a configuration.

Introduction

You can create two types of RED interfaces. The configuration steps vary depending on the type of interface you create.

  • RED hardware model: Dedicated RED hardware without a user interface.
  • Firewall RED: The firewall acts as a RED in a client-server configuration. It needs network settings only.

Add an interface for a RED hardware model

Do as follows to add an interface for a RED hardware model:

  1. Go to Network > Interfaces, click Add interface, and select Add RED.
  2. Enter a branch name.
  3. Select the type of RED interface from the list.
  4. Specify the RED settings. | Setting| Description| |---|---| |RED ID| RED identification number. You can find the ID on the back of the device and on the product packaging.| |Tunnel ID| Tunnel identifier. Ensure that the ID is the same for the RED and the firewall.| |Unlock code|A code that allows the provisioning servers to accept a new configuration for a RED.| |Firewall IP/hostname|Public IP address or hostname of the firewall.| |2nd firewall IP/hostname|Alternate public IP address or hostname of the firewall.| |Use 2nd IP/hostname for| The way in which the second IP address or hostname is to be used.

    Choose from the following:

    • Failover: The secondary host automatically takes over when the primary fails.
    • Load balancing: Distribute traffic equally between the primary and the secondary hosts. Select this option if both uplinks the first and the second hostname correlate to, are equal in latency and throughput.
    | |Device deployment| Method by which the remote RED device is configured.

    Choose from the following:
    • Automatically via provisioning service: Sophos Firewall provisions the remote RED appliance automatically through the RED provisioning server.
    • Manually via USB stick: Use this option to provision a RED appliance located in a private network. Do as follows:
    1. Go to Network > Interfaces.
    2. Click Menu Menu button and click Download provisioning file.
    3. Copy the file to the root directory of a USB device, and insert it into the remote RED appliance.
    |

  5. Specify uplink settings.

    Setting Description
    Uplink connection Method by which the WAN connection on the RED obtains an IP address.

    Choose from the following:
    • DHCP: Assign the address dynamically. We recommend you use this method. If you're setting up the RED using the provisioning service, the RED must connect to a DHCP network at least once to download the configuration.
    • Static: Provide a static IP address. Use this option only if DHCP is not supported.
      2nd uplink connection Choose a method for the second RED uplink.
      2nd uplink mode Choose from the following:
      • Failover: The secondary uplink automatically takes over when the primary fails.
      • Load balancing: Distribute traffic equally between the primary and secondary uplink. Select this option if both uplinks are equal in latency and throughput.
        3G/UMTS failover Use a mobile network in case of a WAN failure. Obtain the settings from your service provider. 3G/UMTS failover requires a USB dongle.

        Note

        3G/UMTS failover isn't available if you set RED operation mode to Transparent/Split.

        The RED firmware 2.0.018 doesn't support the D-Link DWM-222 USB adapter.

      • Specify the RED network settings.

        Setting Description
        RED operation mode Method by which the remote network behind the RED is to be integrated into your local network. Split networks don't support FQDN hosts.

        For more information, see RED operation modes.
        RED IP IP address of the RED.
        Zone Zone assigned to the interface.
        Configure DHCP Allow the RED to provide DHCP to devices.
        RED DHCP range DHCP range for devices behind the RED.
        Split network Traffic to the networks listed is redirected to the firewall. The remaining traffic is routed directly to the internet.
        MAC filtering type Type of MAC filtering.
        Choose from the following:
        • Whitelist: Allow only addresses on the list.
        • Blacklist: Block addresses on the list.

        Check your device specifications for the maximum number of MAC addresses allowed.
        Tunnel compression Compress tunnel traffic. Data compression can increase the throughput of RED traffic in regions with slow internet connections.
        MTU Maximum Transmission Unit (MTU) value, in bytes. It's the largest packet size that a network can transmit. Packets larger than the specified value are divided into smaller packets before they are sent.
      • Specify Switch settings.

        RED 50 and SD-RED 60 devices support VLANs.

        For more information, see RED LAN modes.

      • Specify PoE settings. You can turn on Power over Ethernet for one or both PoE ports of SD-RED 60.

      • Click Save.

      Add an interface for a firewall RED

      Do as follows to configure a RED interface for a RED tunnel between two Sophos Firewall devices or Sophos Firewall and Sophos UTM.

      1. Go to Network > Interfaces, click Add interface, and select Add.
      2. Enter a branch name.
      3. Select a type and specify the RED settings.

        • Firewall RED Server: Connects to a UTM using 9.700 or later.
        • Firewall RED Client: Connects to a UTM using 9.700 or later.
        • Firewall RED Server Legacy: Connects to a UTM using versions earlier than 9.700.
        • Firewall RED Client Legacy: Connects to a UTM using versions earlier than 9.700.
        Setting Description
        Tunnel ID Tunnel identifier.
        Firewall IP/hostname Public IP address or hostname of the firewall.
        Provisioning file File containing the configuration data to be provided to the client firewall.
      4. Specify the RED network settings.

        Setting Description
        RED IP IP address of the RED.
        RED netmask Subnet mask of the RED IP address.
        Zone Zone assigned to the interface.
        Tunnel compression Compress tunnel traffic. Data compression can increase the throughput of RED traffic in regions with slow internet connections.
        MTU Maximum Transmission Unit (MTU) value, in bytes. It's the largest packet size that a network can transmit. Packets larger than the specified value are divided into smaller packets before they are sent.
      5. Click Save.

      More resources

      Back to top