Register Now


Lost Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

How to configure RED Interface in sophos XG firewall

Here in this article we will learn how to configure RED interface in sophos XG firewall. Red device is small networking appliance which will be used to establish secure channel to sophos XG firewall from its deployment location.

First we need to configure RED interface in sophos XG firewall. Power on your red device. Make sure RED device should be connected to internet, and it must receive DHCP IP address from the connected router or ISP or it cannot connect to internet.

Enable RED Service

Click on the system services menu and then click on the RED tab. Enable RED service.

RED service Enable
RED Service

Fill up all the required information. Unlock code will be sent to the email address mentioned in these settings.

Add RED Interface

Click on the network tab and click on add RED interface as shown in image below

ADD RED interface

RED Settings

Branch Name: Enter any branch name for the RED device.

Type: You can select based on the model of RED device

Types of RED
RED model

RED ID: Enter the serial number of RED device

Tunnel ID: Select any value for tunnel ID which will be used to differentiate the VPN tunnel connection. You can leave it as automatic, it will chose tunnel ID by itself

Unlock Code: If you are configuring RED device for the first time in sophos XG firewall leave unlock code as blank. If RED device has been previously set up on another firewall, then enter the unlock code. The unlock code will be sent to the email address that you provided when you turn on provisioning RED service.

Note: Store the unlock code, it will be needed if you want to configure RED device on another firewall.

Firewall IP/hostname: Enter the WAN IP of firewall to which red interfaces should be connected.

Device Deployment:

Automatically Via Provisioning Service: If we select this option, RED interface configuration will be uploaded to RED provisioning server. RED device will fetch this configuration from provisioning server and connect to sophos XG firewall using the settings in provisioning file.

Manually Via USB Stick: If we select this option, you need to manually download the configuration file from sophos XG firewall

Manual download
Provisioning file

Upload this file to USB stick root directory and connect to RED device. Now RED service will send unlock code to the “email address” which you have given under “system services >> RED“.

Note: Make sure to retain the unlock code, you will need this unlock code to connect RED device to another firewall.

Here are the sample settings as shown in below image

RED settings
RED settings

Uplink Settings:

Uplink connection: You can select uplink connection to be either static or DHCP. If we select option DHCP, RED device will get IP from its next hop. If we select option “static“, we need to enter the public IP address of RED device as shown in image below.

Uplink Settings
RED uplink settings

RED Network Settings:

RED Operation Mode: RED device can operate in three different RED modes.

Standard Unified Mode: If we select this operation mode then firewall will be acting as default gateway to the RED device clients. All RED device clients will get IP address from the sophos XG firewall. In place of RED IP you need to enter any IP address from “RED DHCP range“.

Standard Unified
Standard Unified

Standard Split Mode: If we select this operation mode, firewall will be still acting as DHCP server to RED clients. But only traffic destined to specific networks will be routed through RED tunnel. We need to enter specific networks under “split network” tab as shown in below image. In place of RED IP, you need to enter IP for RED device from the RED DHCP range.

Standard Split
Split network

Transparent Split:

If we select this option mode in RED device, firewall will not act as DHCP server. RED clients will be getting DHCP IP address from their local DHCP server. Only traffic destined to specific networks will be routed through the RED tunnel.

Transparent Split
Transparent Split

MAC filtering Type: Using this option we can define which MAC address or allowed or blocked to access RED device.

Now save the configuration and power on RED device, it will be connected to sophos XG firewall. Make sure RED device connected to any DHCP server and RED device should be accessible to internet as it needs to download provisioning file from the RED provisioning server.

Hope this article helps you.