Sophos RED

Sophos RED

Sophos Remote Ethernet Device (RED) is a small network appliance, designed to be as simple to deploy as possible. Its main purpose is to provide a secure tunnel from its deployment location to a Sophos UTM firewall.

There is no user interface on the RED appliance. It is designed to be fully configured and managed from a Sophos UTM. RED devices can be shipped to a remote site, connected to any DHCP connection to the internet, and be fully configured by a remote administrator with no prior knowledge of the site, and no need to walk local personnel through technical setup steps. 

Sophos Red technical overview

When a RED is configured in a Sophos UTM firewall, the configuration options chosen by the administrator are uploaded to the Sophos provisioning servers. The configuration is little more than the following items:

  • Address of the firewall to which it will tunnel
  • WAN Uplink Mode (DHCP, Static IP)
  • Tunnel operation mode (Standard)
  • If static uplink mode is chosen, RED WAN address settings (Address, Netmask, Default Gateway, and DNS server)
  • Optionally, mobile broadband connection settings for RED v2 and above hardware
  • Unlock code

The unlock code is not stored on the RED appliance, but is used to prevent a RED that is in use from being accidentally or maliciously redirected. The correct unlock code must be supplied for the provisioning servers to accept new configuration for a RED. Initially, the unlock code is blank, until a RED has been connected to a UTM once. The first time a RED device is configured in a UTM, the unlock code should be left blank. Every time a RED is connected to a new UTM, the old unlock code must be entered in the new UTM to move the RED. Once the settings are pushed to the provisioning server, a new unlock code is issued, and displayed in the WebAdmin of the UTM.

The provisioning servers store the configuration provided by the administrator, on a centrally reachable set of servers. RED devices can be centrally configured due to this mechanism. When a RED device has no configuration, or the configuration it has is unsuccessful, it will look to the provisioning servers for updated instructions. A DNS lookup of red.astaro.com will return the closest provisioning server, which it will then securely connect to, and check for new instructions from the provisioning servers. As long as a RED has a working configuration, it will not check back with the provisioning servers again.

Share this post

Comments (2)

  • Polish Portal

    I love what you guys are continually up too. Such clever work and reporting! Keep up the excellent works guys Ive added you guys to my blogroll.

    November 18, 2020 at 12:55 am
  • Grarlylaume

    Torrents: [url=http://vilasave.com/the-crown-princess-audition-chapter-14]Chapter 14[/url]
    DESCARGARMP3 – Musica Gratis – Descarga Mp3 ! [url=http://poleznoznat.com/en-2020/10/30/ym-gtex-xjaxts-3-hqazina-itzrny-xjwnjx-wjlzqaw-bnhytwna-sjzras/]READ MORE[/url].
    ManyVids | SiteRips | Chaturbate | MyDyrtyHobby
    The Free Sex Community
    Free Cahturbate Camshows

    [url=http://adplustech.com/anime/watashi-ni-tenshi-ga-maiorita-special]Watashi ni Tenshi ga Maiorita! Special[/url]

    torrenty, torrent, najnowsze torrenty, wyszukiwarka torrent – [url=http://pobobsmetals.com/jv-waxqa/ero-qynnodd-yp-roavsxq/38]Scan The Goddess Of Healing 38 VF : Le banquet de Hongmen[/url]. yqwshop com – [url=http://champagnediy.com/sp-21515909/twlm-lubwguw-xbumbhg-ihvualml-lubxb]The 10 best sci-fi podcasts imagining the future[/url].
    Index page

    Telecharger avec TorrentX Officiel + [url=http://pendiktasarim.com/sh-fagya/asnk-eagw-asnk-eagw-xhk-vnffbwl-vhncbglzb]Azur Lane – Azur Lane For Dummies (Doujinshi)[/url]. Watch English Anime Online Subbed, Dubbed – [url=http://sydney-car-owner.com/db-qarka/cmareyr-wdwxiq-mr-xli-gmxd]Xianzun System in the City[/url].

    December 5, 2020 at 9:59 am

Leave a Reply

Your email address will not be published.