
RED: Restart tunnel instead of unit

When the internet connection drops at the main site (UTM location) the RED restarts to get the tunnel up again. When (for some reason) the internet connection stays down at the main site all internet activities at the remote location are down due to continuous restarts of the RED. If the RED only tries to pick up the tunnel, the internet at the remote location can still be used.

109 votes
Alex Gnocchi shared this idea

    9 comments

      • Tony commented

        Just to add - Andrew Kay suggests that the RED is a "fail closed" device, and it is. But I think when Transparent Split was added, the fail closed makes the mode completely unusable. The whole point of T/S mode is that you're providing a host or network access to a specific resource but leaving the access control policy to the firewall on the network. The only way Fail Closed makes any sense is in standard mode where you do not want any traffic to make it to the internet. I'm glad to see this is under review, even if it's been under review since 9/2013. Hopefully after the next big release of the firmware for the UTM is out, we'll either see this move forward to close it. :)

      • Tony commented

        This seems to be a big point of confusion. I was about to deploy a RED in Transparent/Split mode and was concerned that the RED would reboot after the UTM goes offline and effectively block internet access.

        Yesterday, I set up a RED in T/S mode in the lab, and blocked the RED's ability to communicate with the UTM that is located at another office. After several attempts to contact the UTM, the RED rebooted and the devices behind the RED lost their internet connection.

        I can confirm 100% that after the RED loses connection to the UTM, it will reboot, and will not pass any traffic. For uses where the RED is either in T/S or Standard/Split, having the RED reboot and block internet access is detrimental to the use cases where I've deployed it.

        I agree that if at all possible, the RED shouldn't just reboot to try to bring up the tunnel again.

      • Andrew Kay commented

        I thought that the RED was a "fail closed" device which means that if in split mode the tunnel goes down, the RED will no longer forward *any* traffic. If so, that makes this moot.

      • Jan Muller commented

        Are you using RED50? We had problems with RED50 restarts we were talking to support. We received hotfixes to greatly reduce restart time, I imagine they will be released some time soon. Also, do you have AP5 USB wifi plugged into RED? This caused problems as well.

      • Anonymous commented

        This is a must have. Rebooting the device is not an option when used as default gateway for the local LAN. All clients are losing their connection to internet until the problem on the UTM location is solved…
