Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/21.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=RED-migration

RED migration information

Learn about RED configurations and appliances that aren't supported any longer, and how to update the firewall configurations to meet the RED interface requirements.

Migration information

EOL for legacy firewall RED tunnels

SFOS 22.0 and later versions don't support the following configurations:

  • Firewall RED Server Legacy
  • Firewall RED Client Legacy

These RED tunnels are established between firewalls using UTM at one end and SFOS at the other end.

Warning

If the firewall has the legacy RED server or client interfaces, you can't do as follows:

  • Upgrade to SFOS 22.0 and later.
  • Restore its backups to firewalls running on SFOS 22.0 and later.

What to do

Before you upgrade the firmware, you must replace the configurations in which these interfaces and the associated system hosts are in use, then delete the interfaces.

After you delete the legacy interfaces, we recommend that you take a configuration backup for future use.

For more information, see EOL of the legacy RED server and client configuration.

EOL RED devices

RED 15/15w and 50 are end-of-life (EOL). The tunnels won't connect in SFOS 20.0 MR1 and later.

What to do

We recommend that you use SD-RED 20 or 60. For more information, see the following links:

Subnet change for RED system host

In SFOS 21.0 MR2, the system hosts of RED interfaces are automatically assigned a /32 subnet. This is in line with the firewall interface behavior. Previously, RED system hosts retained the subnet you specified in the RED configuration.

If you've specified the RED system host for subnets other than /32, check the dependent configurations, such as firewall rules or routes. In SFOS 21.0 MR2, the firewall won't match IP addresses other than the one you specify in the RED configuration.

Example

  • Configured IP address and netmask: 192.168.1.1/24
  • Previous system host: 192.168.1.1/24
  • Current system host: 192.168.1.1/32

What to do

We recommend that you change the dependent configurations before the upgrade, as follows:

  1. To see the dependent configurations, go to Hosts and services > IP host.
  2. Click Usage for each RED system host.
  3. Replace the RED system host with the correct IP or network host in these dependent configurations.