Skip to content

RED interfaces

A Remote Ethernet Device (RED) provides a secure tunnel between a remote site and Sophos Firewall.

REDs connect remote branch offices to your main offices as if the branch office is part of your local network. Using RED interfaces, you can configure and install RED appliances or create a site-to-site RED tunnel between two Sophos Firewall devices in a client-server configuration.

You can configure RED tunnels using the following options:

  • RED appliance: You can establish a tunnel between Sophos Firewall in the head office and a RED appliance (example: SD-RED) at the remote office. To configure RED appliances, you configure a RED interface on Sophos Firewall, and install the provisioning file on the RED appliance.
  • Firewall RED device: You can create a site-to-site RED tunnel between two Sophos Firewall devices in a client-server configuration. Firewall RED devices are Sophos Firewall devices that communicate using the RED tunnel. You can use Firewall RED device types as follows:

    Firewall RED server or client: Select this if you're connecting Sophos Firewall to a UTM using 9.700 or later.

    Firewall RED server or client (legacy): Select this if you're connecting Sophos Firewall to a UTM using versions earlier than 9.700.

How to configure a remote RED appliance

You can connect RED appliances, such as SD-RED, installed in the remote office to Sophos Firewall installed in the main office.

  1. Go to System services > RED.
  2. Turn on the RED service, and register Sophos Firewall with the RED provisioning server. This is a one-time action.
  3. Configure the RED interface on your Sophos Firewall. See Add a RED interface.
  4. Connect the RED appliance to the internet at the remote site.

How to configure Firewall RED devices

You can connect Sophos Firewall devices in the head office and remote office using a site-to-site RED tunnel.

  1. Go to System services > RED.
  2. Turn on the RED service, and register Sophos Firewall with the RED provisioning server. This is a one-time action.
  3. Configure firewall 1 as the Firewall RED Server. See Add a RED interface.
  4. Go to Network > Interfaces. Download the provisioning file for firewall 1.
  5. Configure firewall 2 as the Firewall RED Client. Upload the provisioning file.

More resources