Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Allow RED to access the internet line when the Main UTM line is disconnected

This added mode could mean no disruption to the branch operations in case the UTM is down due to internet issues and cannot be up soon enough. Once the RED detects the UTM is up, it will establish a connection and all traffic can be channeled to the UTM once again.

86 votes
Ben shared this idea

  • Seb commented

    Could you please add this? To not have this, the RED Split Tunneling Mode doesn't really make sense.

  • Jazz Oberoi commented

    Hi Guys, any update on this? This is turning out to be a deal breaker for us as we cannot afford to lose everything behind the RED each time the link between sites goes down. This was the reason we provisioned the remote site with its own File/Print/AD/DNS Server; however, that is no longer accessible as soon as the RED goes down!!!!

  • Anonymous commented

    Not only internet access is not possible, but even the local network doesn't work at all!
    It should be possible for the RED to remember important settings during a disconnection and reestablish the tunnel to the UTM when possible, best without constant reboots.

    For example there is a Server behind the RED and an AP for the LAN, but no one can connect to the Wifi while the connection to UTM is gone. Not nice!

  • Daniel Gutierrez commented

    When the UTM (ASG) is unavailable (off) the RED device does not work, leaving the branch office without internet access. They are kept in a reboot cycle.
    I think the RED devices are able to do functions that allow Internet access to users while they cannot communicate with the UTM. This may be an optional function authorized by the system administrator.
    One check for activating this function on the RED configuration parameters should be displayed.

  • Jean-Francois Anctil commented

    I totally agree with "-gf-" on that suggestion. I'm working on a little project that could be achieved with a RED deployment, but the RED staying in "fail-closed mode" when it's losing connection with the ASG is nonsense to me. I don't understand why nobody raised the flag before. Everybody understands why somebody would force the internet traffic to go through the tunnel, but not having an option to use the Internet when the tunnel is down (Internet connection problems or ASG updates) is a big mistake....

    I think RED has potential. Keep up your good work on that.

  • -gf- commented

    Unfortunately the 'split' deployments require a second gateway, driving up costs for deployment at scale. It seems that the simplicity of the RED makes it ideal for large scale, simple, cookie cutter deployments. The scale of such deployments makes loss of internet access to the central UTM very expensive. There's a contradiction between stated purpose and implementation of the REDs.
