Overview

Sophos Remote Ethernet Device (RED) is a small network appliance designed to be as simple to deploy as possible. Its main purpose is to provide a secure tunnel from its deployment location to a Sophos XG Firewall. There is no user interface on the RED appliance itself.

The RED operation mode defines how the remote network behind the RED is integrated into your local network. Independent of the operation mode, all wireless traffic behind REDs that are deployed in a separate zone is sent to the XG Firewall using the VXLAN protocol.
Standard/Unified
In this mode the firewall fully manages the remote network through the RED: it acts as DHCP server and as default gateway for the remote LAN.
The firewall can offer DHCP to the remote LAN, and the RED may be the only device connecting that LAN to the internet. While another router may sit in front of the RED (on its WAN side), there is no parallel path around the RED to the internet.
The firewall can therefore allow or deny requests from the remote LAN exactly as it does for traffic coming from the local LAN, which gives the highest level of security and manageability for remote networks. The trade-off is that all remote internet traffic traverses the tunnel, so the bandwidth at the firewall must be large enough to serve both its local users and all remote RED users.
Standard/Split
The firewall manages the remote network and acts as its DHCP server, but only traffic destined for the configured split networks is sent through the tunnel to your local firewall. All other traffic is routed directly to the internet from the remote site.
In this mode, the RED masquerades (source-NATs) the directly routed outbound traffic so that it appears to come from the RED's own public IP address. This minimises bandwidth usage over the tunnel and lightens the bandwidth requirements on the firewall, but it substantially reduces the manageability of the remote network: traffic between the remote LAN and the internet never reaches the firewall, so it cannot be filtered or protected from threats. Security policy can only be applied to traffic between the remote and local LANs.
Transparent/Split
The firewall does not manage the remote network. The RED is connected to both the remote LAN and the remote LAN's existing gateway, and receives an address on the remote LAN through DHCP. Only traffic destined for the configured split networks is sent down the tunnel. The RED does not act as the gateway here, but because it sits in-line with the gateway it can transparently redirect matching packets into the tunnel.
Since the firewall has no control over the remote network, the remote router cannot resolve your local domains unless you define a split DNS server: a DNS server on your local network that remote clients can query for those domains.
In this mode, the RED's LAN interface, its uplink interface to your local firewall, and its link to the remote router are bridged. Because the firewall is merely a client of the remote network, traffic to the split networks cannot be routed the way the other modes do it. The RED therefore intercepts all traffic passing through it; traffic targeting a split network or a split domain is redirected to the firewall interface, and everything else continues to the remote gateway without passing the firewall.
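The practical security question behind the three modes is which remote-LAN flows the firewall actually gets to see. The following added example is a small decision model of that behaviour, written for this page; it is not Sophos code and does not reproduce the appliance's implementation. The mode identifiers, class and function names, and the sample networks, domains and flows are all assumptions constructed for the illustration. It applies the rules described in the sections above (Unified: everything crosses the tunnel; Standard/Split: split networks cross the tunnel, the rest is masqueraded out locally; Transparent/Split: split networks and split-DNS domains are intercepted, the rest is left to the remote gateway) and lists the flows a given configuration leaves uninspected.

```python
import ipaddress
from dataclasses import dataclass, field

# Routing outcomes for a packet leaving the remote LAN.
TUNNEL = "tunnel"          # carried through the RED tunnel and inspected by the firewall
MASQUERADE = "masquerade"  # Standard/Split: RED source-NATs it behind its own public IP, no inspection
DIRECT = "direct"          # Transparent/Split: not intercepted, goes to the remote site's own gateway

# Mode identifiers are this example's own names for the three modes described above (assumption).
STANDARD_UNIFIED = "standard_unified"
STANDARD_SPLIT = "standard_split"
TRANSPARENT_SPLIT = "transparent_split"


@dataclass
class RedConfig:
    mode: str
    split_networks: list = field(default_factory=list)  # CIDR strings reachable behind the firewall
    split_domains: list = field(default_factory=list)   # DNS suffixes served by the split DNS server

    def __post_init__(self):
        # Parse once; strict=False tolerates host bits such as "10.1.2.3/8".
        self._nets = [ipaddress.ip_network(n, strict=False) for n in self.split_networks]
        self._domains = [d.strip(".").lower() for d in self.split_domains]

    def in_split_networks(self, dst):
        ip = ipaddress.ip_address(dst)
        return any(ip in net for net in self._nets)

    def in_split_domains(self, name):
        # Suffix match on labels, so "corp.example" matches "host.corp.example" but not "notcorp.example".
        if not name:
            return False
        name = name.rstrip(".").lower()
        return any(name == d or name.endswith("." + d) for d in self._domains)

    def route(self, dst, dns_name=None):
        """Return how a packet to dst (optionally resolved from dns_name) leaves the remote LAN."""
        if self.mode == STANDARD_UNIFIED:
            # Firewall is the default gateway: everything, internet traffic included, crosses the tunnel.
            return TUNNEL
        if self.mode == STANDARD_SPLIT:
            # Only split-network destinations cross the tunnel; the rest is NATed out by the RED.
            return TUNNEL if self.in_split_networks(dst) else MASQUERADE
        if self.mode == TRANSPARENT_SPLIT:
            # RED is in-line but not the gateway: it intercepts split networks and split-DNS domains only.
            if self.in_split_networks(dst) or self.in_split_domains(dns_name):
                return TUNNEL
            return DIRECT
        raise ValueError(f"unknown RED mode: {self.mode}")

    def inspected_by_firewall(self, dst, dns_name=None):
        """True only when the firewall's rules and threat protection can act on the flow."""
        return self.route(dst, dns_name) == TUNNEL


def unprotected_flows(config, flows):
    """Given (dst, dns_name) pairs, return the ones the firewall never sees.

    Anything listed here is subject only to whatever protection exists at the
    remote site itself, which is the trade-off of the two split modes."""
    return [(dst, name) for dst, name in flows if not config.inspected_by_firewall(dst, name)]


if __name__ == "__main__":
    # Constructed sample: one internal network, one split domain and a few representative flows.
    flows = [("10.20.30.40", "fileserver.corp.example"),
             ("203.0.113.5", "intranet.corp.example"),   # public address, but a split-domain name
             ("198.51.100.7", "www.example.net"),
             ("8.8.8.8", None)]
    for mode in (STANDARD_UNIFIED, STANDARD_SPLIT, TRANSPARENT_SPLIT):
        cfg = RedConfig(mode, ["10.0.0.0/8"], ["corp.example"])
        print(f"{mode:18} not inspected: {unprotected_flows(cfg, flows)}")
```

Note that the model only honours split domains in Transparent/Split, where the page introduces the split DNS server; in Standard/Split the decision is purely by destination network, so a public address that happens to belong to an internal domain name is masqueraded out locally rather than tunnelled.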