Sophos RED deployment

Last week, I was involved in a very interesting project to deploy an Astaro Sophos Remote Ethernet Device.

As mentioned here, the Sophos RED is a small (white) box that extends the reach of the Sophos UTM firewall to a remote site. Ingeniously, when deployed, it appears as another Ethernet interface on the UTM even though it’s physically located elsewhere on a different Internet connection. This means that you can do interesting things with it, such as VLANs, DHCP relay etc., and it’s all administered from the normal UTM web management interface! So, what did we do with it?

Well, we set it up with two VLANs, one for data, the other for voice. The switch at the remote site was also configured for both VLANs, and LLDP was configured to make sure that the devices come up on the correct VLAN. The Linux-based DHCP server at the main site services subnets for both VLANs, and the DHCP relay configuration in the UTM took care of getting the IP addresses to the remote devices. Firewall rules were set up to allow access from the remote site and we were ready to go.

We plugged in a laptop and it picked up an IP address, going well so far…  Next was the phone.  It booted up, grabbed an IP address from DHCP along with all the various Mitel settings and registered itself with the PBX!  It’s very satisfying to pick up a phone and hear a dial tone – best not to think about the protocols involved or you might just get your LLDP mixed up with your L2TP and then where would you be??

