Do not auto-reboot RED in Standard/Split configuration
When using the devices "RED " in the Stardard/Split configuration type, the device at the time of not detecting the XG Firewall attempts to complete the connection 5 times and then reboots the device.
In this mode, the computers go to the Internet through the WAN in the "network " not by the VPN so that being restarting the device stops offering Internet service.
This is not optimal for computers under the RED device, as some services that do not use the VPN as a charge with credit/debit card cannot be carried out because you do not have access to the Internet, some other services such as email, navigation, or access to local servers are also interrupted.
There is an option that is called Manual/Split but it is not the configuration indicated for all type of environments, since one of the advantages offered by network when it is used in branches is that they can use their interfaces like LAN and with this option the client is obliged to Acquire a Switch to use the LAN off-network.
What is proposed is that the RED device does not restart completely, but do restart the service that performs the tunnel with the XG and attempts to connect until the connection is finally established.
Hi Angel, thank you for your suggestion. This capability is under consideration at this time. It is likely that as we move RED management into Central that the RED device will need a local configuration backup. This will eliminate the need for RED to contact the XG gateway for configuration.
This is still a roadmap item and at this time no timeframe is committed.
Thanks again for your suggestion,
I see no good reason for this to still be this way.
Yes I agree with this. The current behavior of the RED does not make any sense... Knowing some on how the Sophos XG and RED communicate especially on how DHCP/DNS is tied to the RED directly, I would think creating a active/backup DHCP/DNS server on the RED appliance and then sync back to the XG, this would then fix the need of the RED's immediate communicate to the XG which is one of the issues in the first place...