Sophos RED

29Mar

Sophos RED

By Cyber Security Comments Off on Sophos RED

Sophos Remote Ethernet Device (RED) is a small network appliance, designed to be as simple to deploy as possible. Its main purpose is to provide a secure tunnel from its deployment location to a Sophos UTM firewall.

There is no user interface on the RED appliance. It is designed to be fully configured and managed from a Sophos UTM. RED devices can be shipped to a remote site, connected to any DHCP connection to the internet, and be fully configured by a remote administrator with no prior knowledge of the site, and no need to walk local personnel through technical setup steps. 

Sophos Red technical overview

When a RED is configured in a Sophos UTM firewall, the configuration options chosen by the administrator are uploaded to the Sophos provisioning servers. The configuration is little more than the following items:

  • Address of the firewall to which it will tunnel
  • WAN Uplink Mode (DHCP, Static IP)
  • Tunnel operation mode (Standard)
  • If static uplink mode is chosen, RED WAN address settings (Address, Netmask, Default Gateway, and DNS server)
  • Optionally, mobile broadband connection settings for RED v2 and above hardware
  • Unlock code

The unlock code is not stored on the RED appliance, but is used to prevent a RED that is in use from being accidentally or maliciously redirected. The correct unlock code must be supplied for the provisioning servers to accept new configuration for a RED. Initially, the unlock code is blank, until a RED has been connected to a UTM once. The first time a RED device is configured in a UTM, the unlock code should be left blank. Every time a RED is connected to a new UTM, the old unlock code must be entered in the new UTM to move the RED. Once the settings are pushed to the provisioning server, a new unlock code is issued, and displayed in the WebAdmin of the UTM.

The provisioning servers store the configuration provided by the administrator, on a centrally reachable set of servers. RED devices can be centrally configured due to this mechanism. When a RED device has no configuration, or the configuration it has is unsuccessful, it will look to the provisioning servers for updated instructions. A DNS lookup of red.astaro.com will return the closest provisioning server, which it will then securely connect to, and check for new instructions from the provisioning servers. As long as a RED has a working configuration, it will not check back with the provisioning servers again.

Share this post

Author

Related Posts

04Mar

Sophos Intercept X endpoint

Sophos Intercept X is the world’s most comprehensive next-generation endpoint protection solution, built to stop the widest range of... read more

04Sep

Sophos Intercept X Advanced Ranks as Industry-Best for Endpoint Threat Protection in Inaugural Report

Sophos (LSE: SOPH), a global leader in network and endpoint security, today announced it was named the 2019 Best Small Business... read more

19Mar

Sophos Central

Sophos Central allows you to manage the award-winning Synchronized Security platform. Advanced attacks are more coordinated than ever before.... read more

30Aug

August, 2019 Patch Tuesday Targets Remote Desktop and Active Directory

By SophosLabs Offensive Security Among the 94 vulnerabilities fixed this month by Microsoft, 29 are rated as Critical. Most importantly, the... read more