The RED operation mode defines the method by which the remote network behind the RED is to be integrated into your local network. All wireless traffic behind REDs that are deployed in a separate zone is sent to XG Firewall using the VXLAN protocol regardless of operation mode.
Sophos Firewall Add RED to Bridge Interface Configure the RED device in the Web Admin Console. Navigate to Network Interfaces then click Add RED and configure the RED device as needed. Overview Sophos Remote Ethernet Device (RED) is a small network appliance, designed to be as simple to deploy as possible. Its main purpose is to provide a secure tunnel from its deployment location to a Sophos XG Firewall. There is no user interface on the RED appliance.
Standard/Unified
The firewall fully manages the remote network through the RED. It acts as DHCP server and as default gateway.
DHCP can be offered for the remote LAN by the firewall, and the RED may be the only device connecting the LAN to the internet. While another router may sit in front of the RED, there is not a parallel path around the RED to the internet.
In this mode, the firewall can allow or deny requests as it does for traffic coming from the local LAN. This provides the highest level of security and manageability for remote networks. However, the bandwidth at the firewall must be large enough to service requests from both its local users and all remote RED users.
Standard/Split
The firewall manages the remote network and acts as DHCP server. Only traffic targeted to split networks is redirected to your local firewall. All traffic not targeted to the split networks is directly routed to the internet.
In this mode, the RED masquerades outbound traffic to come from its public IP address. This feature minimizes bandwidth usage over the tunnel and lightens the bandwidth requirements on the firewall, but it also reduces the manageability of the remote network substantially. Traffic to or from the internet cannot be filtered or protected from threats. Security can only be applied between the remote and local LANs.
Transparent/Split
The firewall does not manage the remote network. It is connected to the remote LAN and the remote LAN’s gateway and receives an address on the remote LAN through DHCP. Only traffic destined for certain networks transmits down the tunnel. In this case, the RED does not act as the gateway, but it is in-line with the gateway and can transparently redirect packets down the tunnel.
Since the firewall has no control of the remote network, local domains cannot be resolved by the remote router unless you define a split DNS server. This is a local DNS server on your network that can be queried by remote clients.
In this mode, the local interface of the RED and its uplink interface to your local firewall as well as its link to the remote router are bridged. Since the firewall is a client of the remote network, routing traffic to the split networks the same way as with other modes is not possible. Therefore, the RED intercepts all traffic. Traffic targeting a split network or split domain is redirected to the firewall interface.
I use Sophos UTM appliances for a very similar situation
We have 3 sites each has their own UTM and private connectivity between them but with UTM to UTM VPN over internet as a backup/failover.
Web filtering is great but what is even better is the application level control. Want to block Dropbox, just see the traffic on the flow analyser and click the block button and done.
Sophos Red Box Vpn
Sophos Redbox Login
We use the RED appliances for remote workers - mainly because all the staff are bozos and would never cope with VPN so we make it easy for them. Give them a RED box and they just work as if they are at home. No easier way to do it