RED: Hardware USB Security Dongle
Dongle support for RED, which allows you to place a special file on a USB drive (generated by the ASG) which will only open the tunnel only in case the dongle is plugged in the USB port; so the RED can be left at the location without risking invaders.
If you want to physically restrict access to the RED (such as going home) you bring the dongle with you.
Andreas Melcher commented
Such dongles tend to remain in the device after some time which kills the initial protection.
The better way would be to implement IEEE 802.1X port authentication for the RED LAN ports (there is already a feature request for this open) which protects the internal network from unauthorized devices.
The RED itself is already protected against unauthorized re-use on a different UTM by the unlock code which is set during the first pairing with your UTM.
I like this idea, i would like the VPN to connect as described but then be able to remove the USB. If the RED is stolen, ie, power lost and rebooted, then it should be impossible to connect or login to the unit without doing a factory reset.