How To Troubleshoot RED Issues In Sophos XG

This article explains how to troubleshoot a RED device that is not connecting to a Sophos XG firewall.

First, ensure that the RED interface on the Sophos XG firewall is configured properly. You can use the article below for this:

RED configuration

Let us understand how a RED device connects to the Sophos XG firewall:

  1. The RED interface needs to be configured on the Sophos XG firewall.
  2. The Sophos XG firewall uploads the RED configuration to the RED provisioning server.
  3. Once the RED device powers on, it fetches its configuration from the RED provisioning server.
  4. Finally, the RED device connects to the Sophos XG firewall on ports 3400 and 3410.

XG to RED Provisioning Server Connection Check:

First, the Sophos XG firewall needs to upload the provisioning file to the RED provisioning server, so the firewall must be able to connect to “red.astaro.com” on port 3400.

If it cannot connect, the XG firewall cannot upload the configuration to the provisioning server, and the RED connection will not be established.

Check with your ISP to have port 3400 unblocked, as it is required for RED communication.

[Screenshots: telnet red; red astaro server]

RED Device Location to Provisioning Server Connection Check:

Next, connect to “red.astaro.com” on port “3400” from the network at the RED location. The connection must succeed; otherwise the RED device cannot download its configuration file from the provisioning server.

Note: The RED device needs Internet access and must be connected to a router that can provide a DHCP IP address.

RED Device to XG Firewall Connection Check:

Once the RED device has its provisioning file, it will try to connect to the Sophos XG firewall on ports 3400 and 3410. Take a tcpdump capture on port 3400 or 3410; you should observe both IN and OUT packets. Only then will the connection be established.

Log in to the Sophos XG firewall CLI and execute the command “tcpdump -nei any port 3400 or 3410” in the advanced shell, as shown in the image below.

[Screenshots: tcpdump 3400 or 3410; telnet RED connection]

If you observe both IN and OUT packets in the tcpdump output, the RED device should connect. If packets are not reaching the Sophos XG firewall on either port 3400 or port 3410, the connection will not be established.
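The IN/OUT check described above can be run over a saved capture instead of being read by eye. The script below is an added example, not part of the original article: it assumes each tcpdump line carries an IN or OUT direction token and IPv4 endpoints in `a.b.c.d.port` form, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): per-port IN/OUT summary of saved
# "tcpdump -nei any port 3400 or 3410" output read from stdin.
# Assumed line format: a direction token IN or OUT, IPv4 a.b.c.d.port.

red_direction_summary() {
    awk '
    {
        dir = ""; port = ""
        for (i = 1; i <= NF; i++) {
            tok = $i
            gsub(/[:,]+$/, "", tok)            # drop trailing ":" or ","
            up = toupper(tok)
            if (dir == "" && (up == "IN" || up == "OUT")) dir = up
            if (tok ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.(3400|3410)$/) {
                n = split(tok, parts, ".")
                port = parts[n]                # RED port on this endpoint
            }
        }
        if (dir != "" && port != "") seen[port "," dir]++
    }
    END {
        split("3400 3410", ports, " ")
        for (p = 1; p <= 2; p++) {
            port = ports[p]
            n_in = seen[port ",IN"] + 0
            n_out = seen[port ",OUT"] + 0
            if (n_in > 0 && n_out > 0) verdict = "bidirectional"
            else if (n_in > 0) verdict = "in-only"
            else if (n_out > 0) verdict = "out-only"
            else verdict = "no-traffic"
            printf "%s in=%d out=%d %s\n", port, n_in, n_out, verdict
        }
    }'
}

# Constructed sample capture (documentation addresses, not real traffic).
sample_capture() {
    cat <<'EOF'
10:15:01.100001 Port2, IN: IP 203.0.113.10.40112 > 198.51.100.1.3400: Flags [S], length 0
10:15:01.100310 Port2, OUT: IP 198.51.100.1.3400 > 203.0.113.10.40112: Flags [S.], length 0
10:15:01.140522 Port2, IN: IP 203.0.113.10.40112 > 198.51.100.1.3400: Flags [.], length 0
10:15:02.200100 Port2, IN: IP 203.0.113.10.51820 > 198.51.100.1.3410: UDP, length 64
10:15:03.200100 Port2, IN: IP 203.0.113.10.51820 > 198.51.100.1.3410: UDP, length 64
EOF
}

sample_capture | red_direction_summary
```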

Hope this article helps you.