Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.


RED: Restart tunnel instead of unit

When the internet connection drops at the main site (UTM location) the RED restarts to get the tunnel up again. When (for some reason) the internet connection stays down at the main site all internet activities at the remote location are down due to continuous restarts of the RED. If the *** only tries to pick up the tunnel, the internet at the remote location can still be used.

72 votes
Anonymous shared this idea
  • Seb commented

    Hi, this would be a great feature for RED. Did you already consider implementing this or something similar? Would be a very good pro argument, to have the option to not reboot the whole device, when the tunnel goes down.

  • Tony commented

    Just to add - Andrew Kay suggests that the RED is a "fail closed" device, and it is. But I think when Transparent Split was added, the failed closed makes the mode completely unusable. The whole point of T/S mode is that you're providing a host or network access to a specific resource but leaving the access control policy to the firewall on the network. The only way Fail Closed makes any sense is in standard mode where you do not want any traffic to make it to the internet. I'm glad to see this is under review, even if it's been under review since 9/2013. Hopefully after the next big release of the firmware for the UTM is out, we'll either see this move forward to close it. :)

  • Tony commented

    This seems to be a big point of confusion. I was about to deploy a RED in Transparent/Split mode and was concerned that the RED would reboot after the UTM goes offline and effectively block internet access.

    Yesterday, I set up a RED in T/S mode in the lab, and blocked the RED's ability to communicate with the UTM that is located at another office. After several attempts to contact the UTM the RED rebooted and the devices behind the RED lost their internet connection.

    I can confirm 100% that after the RED loses connection to the UTM, it will reboot, and will not pass any traffic. For uses where the RED is either in T/S or Standard/Split, having the RED reboot and block internet access is detrimental to the use cases where I've deployed it.

    I agree that if at all possible, the RED shouldn't just reboot to try to bring up the tunnel again.

  • Andrew Kay commented

    I thought that the RED was a "fail closed" device which means that if in split mode the tunnel goes down, the RED will no longer forward *any* traffic. If so, that makes this moot.

  • Jan Muller commented

    Are you using RED50? We had problems with RED50 restarts; we were talking to support. We received hotfixes to greatly reduce restart time, I imagine they will be released some time soon. Also, do you have AP5 USB WiFi plugged into RED? This caused problems as well.

  • Anonymous commented

    This is a must have. Rebooting the device is not an option when used as default gateway for the local LAN. All clients are losing their connection to internet until the problem on the UTM location is solved…
