Skip to content

RED

A Remote Ethernet Device (RED) provides a secure tunnel between a remote site and Sophos Firewall.

REDs connect remote branch offices to your main offices as if the branch office is part of your local network. Using RED interfaces, you can configure and install RED appliances or create a site-to-site RED tunnel between two Sophos Firewall devices in a client-server configuration.

The RED provisioning service supports RED deployment and provides security options, such as enforcing TLS 1.2. We maintain the RED provisioning servers (example: red.astaro.com). You only need to fill the RED configuration details to register with the provisioning server.

  1. RED configuration: To allow Sophos Firewall to offer RED services, you must register it with the RED provisioning server. To register Sophos Firewall, do as follows:

    1. Turn on RED status.
    2. Specify the Organization name, City, Country, and Email.

      Note

      Do not enter umlaut characters (example: Köln) or special characters for the organization name and city. Sophos Firewall uses these details to generate a certificate for secure RED communication.

      Make sure the email address you enter here is up to date and accurate. When you add the RED device to a firewall or move it to another firewall, the provisioning server sends the unlock code to this email address.

    3. Accept the license agreement.

    4. Click Apply.

      You can now see the other RED settings on the page.

  2. Force TLS 1.2: To force REDs to use only TLS 1.2, turn on Force TLS 1.2 and click Apply.

    Note

    We recommend using TLS 1.2 for enhanced security.

  3. Automatic device deauthorization: To automatically remove RED appliances' authorization when they remain disconnected from Sophos Firewall for the specified time, do as follows:

    1. Turn on Automatic device deauthorization.
    2. Specify a time.
    3. Click Apply.

      Tip

      We recommend that you turn on this option to prevent an unauthorized RED appliance or Firewall RED Client from connecting to Sophos Firewall.

      To authorize a deauthorized RED appliance, go to Network > Interfaces. For the RED device you want to authorize, click Menu Menu button. on the right, and turn on the interface.

      Here's an example of how to turn on a deauthorized RED appliance:

      Turning on deauthorized RED.

  4. RED unified firmware: RED unified firmware offers the latest features. Some RED devices (example: RED 50) support both legacy firmware and unified firmware. To make sure such devices only use unified firmware, select RED unified firmware.

    Note

    The RED unified firmware option is only available on RED15(w) and RED50 devices.

    To update the RED firmware, go to Backup and firmware > Pattern updates, and install the RED firmware. RED firmware updates aren't installed automatically. This allows you to schedule downtime.

    Note

    RED unified firmware is selected by default. If you've migrated Sophos Firewall to a different version, your existing RED setting is migrated. However, if you reset Sophos Firewall to factory configuration, RED unified firmware is selected.

More resources