Sophos Redbox



Sophos RED (Remote Ethernet Device) is a small network appliance designed to be as simple to deploy as possible. Its main purpose is to provide a secure tunnel from its deployment location back to a Sophos UTM firewall. The market for RED is the hundreds of thousands of small branch offices that already have an internet connection. The strength of the device is that it is dropped into that environment and places every device connected to it in the branch office onto a local network of the Astaro (now Sophos UTM) firewall back in the main office.

The RED operation mode defines how the remote network behind the RED is integrated into your local network. Independently of the operation mode, all wireless traffic behind REDs that are deployed in a separate zone is sent to XG Firewall using the VXLAN protocol.

Standard/Unified

The firewall fully manages the remote network through the RED. It acts as DHCP server and as default gateway.

The firewall can offer DHCP to the remote LAN, and the RED may be the only device connecting that LAN to the internet. Another router may sit in front of the RED, but there is no parallel path around the RED to the internet.

In this mode, the firewall can allow or deny requests as it does for traffic coming from the local LAN. This provides the highest level of security and manageability for remote networks. However, the bandwidth at the firewall must be large enough to service requests from both its local users and all remote RED users.

Standard/Split

The firewall manages the remote network and acts as DHCP server. Only traffic targeted to split networks is redirected to your local firewall. All traffic not targeted to the split networks is directly routed to the internet.

In this mode, the RED masquerades outbound internet traffic so that it appears to come from the RED's own public IP address. This minimizes bandwidth usage over the tunnel and lightens the bandwidth requirements on the firewall, but it also substantially reduces the manageability of the remote network: traffic to or from the internet cannot be filtered or protected from threats, and security policy can only be applied between the remote and local LANs.

Transparent/Split

The firewall does not manage the remote network. The RED is connected to the remote LAN and to the remote LAN's gateway, and receives an address on the remote LAN through DHCP. Only traffic destined for certain networks is sent down the tunnel. In this case, the RED does not act as the gateway, but it is in-line with the gateway and can transparently redirect packets down the tunnel.

Since the firewall has no control of the remote network, local domains cannot be resolved by the remote router unless you define a split DNS server. This is a local DNS server on your network that can be queried by remote clients.

In this mode, the local interface of the RED, its uplink interface to your local firewall, and its link to the remote router are bridged. Since the firewall is only a client of the remote network, routing traffic to the split networks the way the other modes do is not possible. Therefore, the RED intercepts all traffic, and traffic targeting a split network or split domain is redirected to the firewall interface.
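The three operation modes differ mainly in which remote-LAN flows ever reach the firewall's inspection. The following model, added here as an illustration and not Sophos code, applies the page's rules to sample flows and lists the ones that bypass the firewall; the mode names, the CIDR/domain matching and the sample addresses are assumptions for the example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

MODES = ("standard/unified", "standard/split", "transparent/split")

@dataclass
class RedSite:
    """One RED deployment: its operation mode and its split-tunnel definitions."""
    mode: str
    split_networks: list = field(default_factory=list)  # CIDRs reached via the tunnel
    split_domains: list = field(default_factory=list)   # name suffixes (Transparent/Split)

    def __post_init__(self):
        if self.mode not in MODES:
            raise ValueError(f"unknown RED mode {self.mode!r}")
        self.split_networks = [ip_network(n) for n in self.split_networks]
        self.split_domains = [d.lower().lstrip(".") for d in self.split_domains]

    def is_split(self, dst_ip, dst_name=None):
        """True if the destination is one the tunnel should carry."""
        if any(ip_address(dst_ip) in n for n in self.split_networks):
            return True
        if dst_name and self.mode == "transparent/split":   # split domains apply here only
            name = dst_name.lower().rstrip(".")
            return any(name == d or name.endswith("." + d) for d in self.split_domains)
        return False

    def route(self, dst_ip, dst_name=None):
        """Return (path, inspected_by_firewall) for one outbound flow from the remote LAN."""
        if self.mode == "standard/unified":
            return "tunnel", True           # firewall is default gateway; everything filtered
        if self.is_split(dst_ip, dst_name):
            return "tunnel", True           # split destination: redirected to the firewall
        if self.mode == "standard/split":
            return "red-masquerade", False  # RED NATs it out of its own public IP, unfiltered
        return "remote-gateway", False      # transparent: branch gateway handles it, unfiltered

def uninspected(site, flows):
    """Audit helper: the (dst_ip, dst_name) flows that never reach firewall inspection."""
    return [f for f in flows if not site.route(*f)[1]]

if __name__ == "__main__":
    # Constructed sample flows: one internal server, one public site, one split-domain host.
    flows = [("10.0.5.20", "fileserver.corp.example"), ("203.0.113.9", "www.example.net"),
             ("198.51.100.4", "intranet.corp.example")]
    for mode in MODES:
        site = RedSite(mode, ["10.0.0.0/8"], ["corp.example"])
        print(mode, "bypasses firewall:", uninspected(site, flows))
```

Running it shows that only Standard/Unified leaves the bypass list empty, which is the manageability trade-off the mode descriptions above describe.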