Skip to content
Last update: 2022-05-24


A Remote Ethernet Device (RED) provides a secure tunnel between a remote site and Sophos Firewall.

REDs connect remote branch offices to your main offices as if the branch office is part of your local network. Using RED interfaces, you can configure and install RED appliances or create a site-to-site RED tunnel between two Sophos Firewall devices in a client-server configuration.

The RED provisioning service supports RED deployment and provides security options, such as enforcing TLS 1.2. We maintain the RED provisioning servers (example: You only need to fill the RED configuration details to register with the provisioning server.

  1. RED configuration: To allow Sophos Firewall to offer RED services, you must register it with the RED provisioning server. To register Sophos Firewall, do as follows:

    1. Turn on RED status.
    2. Specify the Organization name, City, Country, and Email.


      Do not enter umlaut characters (example: Köln) or special characters for the organization name and city. Sophos Firewall uses these details to generate a certificate for secure RED communication.

    3. Accept the license agreement.

    4. Click Apply.

      You can now see the other RED settings on the page.

  2. Force TLS 1.2: To force REDs to use only TLS 1.2, turn on Force TLS 1.2 and click Apply.


    We recommend using TLS 1.2 for enhanced security.

  3. Automatic device deauthorization: To automatically remove RED appliances' authorization when they remain disconnected from Sophos Firewall for the specified time, do as follows:

    1. Turn on Automatic device deauthorization.
    2. Specify a time.
    3. Click Apply.


      We recommend that you turn on this option to prevent an unauthorized RED appliance or Firewall RED Client from connecting to Sophos Firewall.

      To authorize a deauthorized RED appliance, go to Network > Interfaces. For the RED device you want to authorize, click Menu Menu button on the right, and turn on the interface.

      Here's an example of how to turn on a deauthorized RED appliance:

      Turning on deauthorized RED

  4. RED unified firmware: RED unified firmware offers the latest features. Some RED devices (example: RED 50) support both legacy firmware and unified firmware. To make sure such devices only use unified firmware, select RED unified firmware.

    To update the RED firmware, go to Backup and firmware > Pattern updates, and install the RED firmware. RED firmware updates aren't installed automatically. This allows you to schedule downtime.


    RED unified firmware is selected by default. If you've migrated Sophos Firewall to a different version, your existing RED setting is migrated. However, if you reset Sophos Firewall to factory configuration, RED unified firmware is selected.

More resources

Back to top