Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 2 answers
  • Subscribers 28 subscribers
  • Views 4748 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

sophos xg have issus in the first time configuration

Sami cnet

Hello all,

 

I have issues in Sophos xg as following:

I installed Sophos xg “SFOS 17.1.0 GA” in pc core i3, Ram 4G, 80G HDD, connect it with AD

I made a policy that allow all traffic from any to any for any user, I want to test the firewall in the first time, but I notes these:

I have 2 issues: when I choose " Match known users " in the roll and select a group of users in AD the internet stopped in their PCs, so the internet just works when un-choose " Match known users ". But even the internet works the big problem that: there are continuous cutting in the Internet, I connect the users now directly to the modem, I want to solve this problem before I can return Sophos to service.

 

Thanks

Sami

 

 

 



This thread was automatically locked due to age.
  • 0

    Hi Mate,

     

    First you need to make it atleast 6gb of RAM.

     

    And see link below:

     

    https://community.sophos.com/kb/en-us/123156

     

    Warm Regards,

  • 0

    Hi Sami,

    If you wish to use Authentication , you may use the followjing options for captive portal/ SSO. When you authenticate ,is the user location on the same group on the XG or not. 

     If not you may try to move the OpenGroup position below the groups that you have imported as it follows top to bottom as a priority.. If the users are in correct group, then the rule should work. 

    You may create a  test rule and use a single user with a different group. So it woud affect your network downtime.

    As for the network connection, there could be many reasons for having instable connection. 

    Test 1.

    Conduct a PING test using terminal .

    Command console> ping count 100 size 1000 8.8.8.8

    it should not be >5%

    Check the negotation between your WAN link of the XG and the ISP gateway/Modem.

    command  Console> system dia uti band    

    Toggle  'u' two times this should be the expected output. If not, change the negotation speed to 100MBPS FD /HD  and so on.

  • 0 in reply to Deo Angelo Lim

    Hello Mr. Deo,

    thanks to your replay and I'm so sorry to late.

    In fact, I raised RAM to 8GB, the avarage in the dashboard was: CPU 2% , Memory 44% , then follow the steps in the link, all thing right about the users and groups, I make group in AD and import it to sophos, all users in that group appear in alive users, until now all thing right.

    the problem appears when make rules, at first, I make 2 rules:

    1> to (reject or deny) any traffic from any to any.

    2>to allow all traffics from any to any, without any "Web Malware and Content Scanning", no “Intrusion Prevention ”, no “Web Policy ”, no “Application Control ”. But in “Identity” I have 2 results:

    When check Match known users” and select the group that have AD users, the internet has unstable connection.

    When non-checkMatch known users” to allow any user, the internet become stable.

    In fact, I delete the first rule “deny any” because sometimes the user stop in it and don’t Continue to the second rule.

    I note that in the log, sometimes the user has Invalid Traffic with Denied action and take no firewall rule.

    Regards

    Sami

  • 0 in reply to Aditya Patel

    Hello Mr. Aditya,

    thanks to your replay and I'm so sorry to late.

     

    About: “If you wish to use Authentication , you may use the followjing options for captive portal/ SSO. When you authenticate ,is the user location on the same group on the XG or not.

     I want just the users in AD to access the internet and control them, drop another user, but shuld I cheack the .

     

    About: “If not you may try to move the OpenGroup position below the groups that you have imported as it follows top to bottom as a priority.. If the users are in correct group, then the rule should work.

    The group in the correct group

     

    About: “Test 1.

    Conduct a PING test using terminal .

    Command console> ping count 100 size 1000 8.8.8.8

    it should not be >5%

    How to make it, I installed the Sophos xg in PC and deal with it via web browser.

     

    Million thanks and Regards

    Sami

  • 0

    In brief, when I deal with just known users from AD the connection to internet no stable

     

    when deal with unknown users the connection to internet stable