{"id":1033,"date":"2020-03-23T08:56:28","date_gmt":"2020-03-23T08:56:28","guid":{"rendered":"https:\/\/partnernews.sophos.com\/en-us\/?p=1033"},"modified":"2020-03-27T11:18:49","modified_gmt":"2020-03-27T11:18:49","slug":"substituting-xg-firewall-for-sophos-red-devices","status":"publish","type":"post","link":"https:\/\/partnernews.sophos.com\/en-us\/2020\/03\/products\/substituting-xg-firewall-for-sophos-red-devices\/","title":{"rendered":"Substituting XG Firewall for Sophos RED Devices"},"content":{"rendered":"<p>With the tremendous interest in VPN connectivity and RED supply shortages, we have put together some important information here for you to help you respond to inquiries and enable customers to achieve their networking needs.<\/p>\n<h2>RED Device inventory shortage:<\/h2>\n<p>As you may know, Sophos RED Devices are in low supply.\u00a0 But the good news is that XG 86 and 106 models can be even better solutions, and in the case of the XG 86, it\u2019s about the same price as a RED 15.<\/p>\n<h2>Substituting XG for RED:<\/h2>\n<ul>\n<li>While RED devices are in short supply, position an XG 86(w)\/106(w) as a better replacement, especially if a split-tunnel is required. The price is about the same<\/li>\n<li>The base license includes RED site-to-site VPN tunnel functionality and offers the same benefit of no recurring licensing fees in the future<\/li>\n<li>Suggest Network Protection for Central Management, Zero-Touch Deployment, and Synchronized Security<\/li>\n<li>Suggest Web Protection (or EnterpriseProtect Plus) for split tunnel deployments, which will offload security scanning from the main head-office firewall for all internet bound traffic \u2013 improving performance for both the remote site and the central firewall<\/li>\n<\/ul>\n<h2>Comparison:<\/h2>\n<table>\n<tbody>\n<tr>\n<td width=\"137\"><\/td>\n<td width=\"239\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-1034\" src=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2020\/03\/XG-86-Front.png?w=300\" alt=\"\" width=\"300\" height=\"88\" srcset=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2020\/03\/XG-86-Front.png 454w, https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2020\/03\/XG-86-Front.png?resize=300,88 300w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/td>\n<td width=\"247\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-1035\" src=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2020\/03\/red-15-front.png?w=300\" alt=\"\" width=\"300\" height=\"79\" srcset=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2020\/03\/red-15-front.png 376w, https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2020\/03\/red-15-front.png?resize=300,79 300w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/td>\n<\/tr>\n<tr>\n<td width=\"137\"><\/td>\n<td width=\"239\">XG 86<\/td>\n<td width=\"247\">RED 15<\/td>\n<\/tr>\n<tr>\n<td width=\"137\">RED Tunnels<\/td>\n<td width=\"239\">Yes<\/td>\n<td width=\"247\">Yes<\/td>\n<\/tr>\n<tr>\n<td width=\"137\">Split Tunnels<\/td>\n<td width=\"239\">Yes with Security<\/td>\n<td width=\"247\">Yes \u2013 Not secured<\/td>\n<\/tr>\n<tr>\n<td width=\"137\">Zero-Touch<\/td>\n<td width=\"239\">Yes via Sophos Central<\/td>\n<td width=\"247\">Yes via the Central XG Firewall<\/td>\n<\/tr>\n<tr>\n<td width=\"137\">Base Price<\/td>\n<td style=\"text-align: center;\" colspan=\"2\" width=\"486\">Very similar<\/td>\n<\/tr>\n<tr>\n<td width=\"137\">EnterpriseProtect<\/td>\n<td width=\"239\">Small incremental cost\/month<\/td>\n<td width=\"247\">Not Available<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Key Advantages of XG vs RED:<\/h2>\n<p>In general, XG Firewall is better in split-tunnel applications like SOHO deployments. RED is ideal for industrial control systems and remote device monitoring and control.<\/p>\n<ul>\n<li>Split Tunnel Protection \u2013 traffic routed directly to the internet can be secured<\/li>\n<li>Central Management from Sophos Central \u2013 easy zero-touch deployment, status monitoring in Central, and group policy management<\/li>\n<li>More flexible VPN options \u2013 in addition to RED tunnels, XG also supports standards-based VPN options including IPSec and SSL<\/li>\n<\/ul>\n<h2>Additional Details on Substituting XG for RED:<\/h2>\n<p>Sophos entry-level XG Series devices can work perfectly well as a RED device. RED site-to-site tunnels between XG Firewall devices work identically to the RED device tunnel.<\/p>\n<p>XG Firewalls also support zero-touch deployment from Sophos Central (with the Network Protection License).\u00a0 Although not quite as simple as a RED device, it is still possible to deploy an XG 86 or other model remotely without having to touch it from the head office.<\/p>\n<p>For complete instructions click <a href=\"https:\/\/community.sophos.com\/products\/xg-firewall\/f\/recommended-reads\/119318\/substituting-xg-for-red-devices-via-light-touch-deployment-from-sophos-central\">here.<\/a><\/p>\n<p>And as you may know, an entry-level XG Firewall is a better solution than RED for split-tunnel deployments, where some portion of the traffic is routed directly to the internet. This is most often the case in small office or home office situations (SOHO). Unlike RED, XG Firewall can add protection subscriptions to secure and control the internet traffic \u2013 providing better protection in split-tunnel deployments. Where RED shines is with industrial control systems (ICS) or remote device monitoring and control, where a device needs to be securely connected back to a central monitoring, control, or processing center.<\/p>\n<p>It is highly recommended that customers take advantage of the EnterpriseProtect Plus subscription on XG Firewall remote site deployments to get both Central Management (which requires Network Protection) and Web Protection for securing the split tunnel. The added cost is literally a few dollars per month. In this configuration, the remote site XG Firewalls will help improve performance of the central Firewall by providing much of the security scanning locally.\u00a0 However, if the customer intends to backhaul all traffic through the RED tunnel and do all scanning on their Central Firewall, the base license is all they need.<\/p>\n<h2>XG Licenses and RED Functionality:<\/h2>\n<ul>\n<li>Customers do <strong>not<\/strong> need additional XG Firewall licenses for site-to-site RED tunnels between XG Firewall appliances \u2013 only the base license is required<\/li>\n<li>Management of RED Devices from XG Firewall <strong>does<\/strong> require the Network Protection license<\/li>\n<li>XG Firewalls can also use IPSec or SSL site-to-site tunnels which are also included in the base license if the customer prefers a standard-based VPN protocol<\/li>\n<li>Network Protection is required on XG Firewalls to be managed from Sophos Central, including zero-touch deployment, and for Synchronized Security<\/li>\n<li>Web Protection on an XG Firewall operating as a RED device is a wise choice to secure any split tunnel traffic<\/li>\n<\/ul>\n<h2>Remote access VPN:<\/h2>\n<p>There\u2019s tremendous interest in using remote access VPN for employees working from home. XG Firewall supports two types of remote access VPN, both included as part of the Base License so all XG Firewall customers have access.<\/p>\n<p>The <a href=\"https:\/\/community.sophos.com\/kb\/en-us\/133109\">Sophos Connect client<\/a> provides an elegant and simple IPSec VPN client that is free. Customers can also opt to use SSL VPN for remote access with any commercial OpenVPN client of their choice.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-1040\" src=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2020\/03\/sophos-connect-clent.png?w=272\" alt=\"\" width=\"272\" height=\"300\" srcset=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2020\/03\/sophos-connect-clent.png 443w, https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2020\/03\/sophos-connect-clent.png?resize=272,300 272w\" sizes=\"auto, (max-width: 272px) 100vw, 272px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>There\u2019s a <a href=\"https:\/\/news.sophos.com\/en-us\/2020\/03\/17\/facilitating-remote-working-with-sophos-xg-firewall\/\">recent article covering these VPN options on news.sophos.com<\/a> providing an excellent overview of the pros and cons of each as well as a variety of resources for customers to take advantage of to get up and running quickly.<\/p>\n<p>This is a <a href=\"https:\/\/community.sophos.com\/products\/xg-firewall\/f\/recommended-reads\/119078\/sophos-xg-firewall-useful-links-for-configuring-vpn-remote-access\">great resource<\/a> for configuring the different VPN options on XG Firewall.<\/p>\n<p>The <a href=\"https:\/\/partners.sophos.com\/prm\/English\/s\/assets?q=&quot;XG%20Firewall%20Product%20Matrix&quot;\">XG Series Product Matrix<\/a> has been updated to reflect the latest VPN metrics for each model you can use to set expectations for customers.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>With the tremendous interest in VPN connectivity and RED supply shortages, we have put together some important information here to help you respond to inquiries and enable customers to achieve their networking needs.<\/p>\n","protected":false},"author":19,"featured_media":607,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2],"tags":[10,38],"coauthors":[58],"class_list":["post-1033","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-products","tag-product-news","tag-xg-firewall"],"jetpack_featured_media_url":"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2020\/02\/xg-firewall-v18-1600x-960-horizontal.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts\/1033","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/comments?post=1033"}],"version-history":[{"count":9,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts\/1033\/revisions"}],"predecessor-version":[{"id":1064,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts\/1033\/revisions\/1064"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/media\/607"}],"wp:attachment":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/media?parent=1033"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/categories?post=1033"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/tags?post=1033"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/coauthors?post=1033"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}