
XG Firewall Home better h/w: UTM 110/120 Rev5 or XG 115 Rev2 ?

Hey guys, I'm fairly new to Sophos and I'm trying to get a home router in place with a decent firewall,

L2TP over IPsec VPN without 3rd-party clients, something around 100 Mbit down and 10 Mbit up performance.

 

Right now I'm using generic Asus home wireless router, and I will be changing that to be access point only,

and I'm either considering Sophos or something else that's fairly easy to setup, for example, an ubnt EdgeRouter.

 

So my question is, without spending a bunch of money, I can get some used UTM 110/120 rev5 (still newest I think ?)

or an XG 115 rev2 (one model older than the refreshed rev3), and I will be trying to install XG Firewall Home on it,

and I was just wondering which of these hardware boxes (or maybe something different ?) would be a better fit ?

 

Edit: From the specs pages, it looks like the XG 115 r2 can do 350 Mbit VPN compared to 180 Mbit for the UTM 110/120 r5,

so it seems the XG is a better unit even though they look virtually the same ?

 

I'd like it to be stable, of course, I don't need wireless, and I'm alright with opening the box up, replacing the SSD, etc.

It also has to be fanless because it will be sitting next to my PC :)

 

Any suggestions?

Thanks in advance!



  • Hi,

    I built a lower power (10 W) device using a commercial box with a J1900 (quad-core Celeron), 6 GB RAM, 4 Intel NICs and an SSD, and found the XG GUI quite slow when updating rules etc.; that is what that comment is about. The box was very responsive to user web-surfing requests.

    Ian

  • Interesting, I wonder how good the "official" XG 115 units run then ...

    The new one uses an Intel Atom E3940 @ 1.60GHz, almost identical to J1900.

  • I am still struggling with the idea of an "eBay appliance".

     

    XG is shipped in the commercial version with a Base License until the year 2999. The Base License has VPN (IPsec/SSL remote access and site-to-site) included. But you cannot use any other module like Web filter, IPS etc. They are bound to either subscriptions or XG Home.

    So you could run this with the bought version in your scenario. But I do not know what you will get from the eBay vendor. I cannot comment on the source of this device.

    Home is bound to software appliances only, so you would have to "reinstall" the hardware appliance with the XG software ISO. Otherwise the hardware image will decline the Home License / SN.

  • Correct, I was thinking about re-installing the XG Home from an ISO and running that way.

    This should give me all the new features, and VPN access, etc.

  • Hi Martin,

    Correct, you might need to search the XG forums for advice if your replacement disk does not install correctly.

    The newer chip while slower should perform better because some of the newer security features are inbuilt.

    Please update us on how you go.

    Ian

  • Ok, I will play around with the XG on a VM and go from there.

    Can the XG hardware host the UTM 9.1 Home Firewall as well?

    Just wondering, I’m guessing the interface would be more responsive ...

  • Hi Martin,

    I believe so.

    Both firewalls work well on a VM. I have in the past run both on a VM, but to reduce the heat and power I went for a lower power box which works well. 

    Ian

  • I don't want to steer off topic here, but I'm just testing UTM 9 on a VM, and how can this firewall rule possibly allow L2TP over IPsec from outside on WAN?

    Any to Any is set to Drop ...

     

  • Hi Martin,

    Are you saying it is allowing it? What does the VPN tab show? If you configured it during the installation as default, the rules will be hidden and have a higher priority than 1.

    A minor thing is rule 6 should be internal any any drop/reject.

    Ian

  • Maybe I'm not understanding the firewall and it works different than on other systems ... :)

     

    I created an L2TP server on the UTM, and I'm running it virtually with 2 NICs bridged. The other options such as reply to pings, etc., all seem to work, although after playing with it for only a brief period I could not get the pings set up in a way where it would not respond to pings from WAN but would respond to pings from LAN interfaces. (Of course I could set up firewall rules for that ..)

     

    But what's happening is that under Firewall I select "show All rules", there are only the automatically set up ones, and I disabled all of them and left any-any-drop, and I can connect to my WAN interface L2TP server just fine ...

     

    EDIT: After I enable spoof protection it blocks access ... I'm assuming things don't work properly because it's running on a VM and I'm testing from that same system that the VM is running on ...

     

    I see ... it's using my aliased .10.x instead of .12.x to connect to .12.70 (UTM)

    Spoofed packet UDP 192.168.10.75 : 500 → 192.168.12.70 : 500
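    To illustrate the two things this post runs into (auto-generated VPN rules ranking above the visible Any-to-Any drop, and spoof protection rejecting a source address that should not arrive on the WAN interface), here is an added Python model; it is not code from the thread or from Sophos UTM. The interface names, subnets, routing table, rule set and the reverse-path style of the spoof check are all assumptions.

```python
import ipaddress
import re

# Constructed routing table (assumption): longest prefix wins. The poster's
# aliased .10.x network is assumed to live on the LAN side; the .12.x network
# is the WAN side where the UTM (192.168.12.70) listens for L2TP/IPsec.
ROUTES = [
    (ipaddress.ip_network("192.168.12.0/24"), "wan"),
    (ipaddress.ip_network("192.168.10.0/24"), "lan"),
    (ipaddress.ip_network("0.0.0.0/0"), "wan"),  # default route
]

# Hidden auto-generated rules sit above the visible numbered rules, so the
# visible "Any -> Any: Drop" (USER_RULES) never sees the VPN handshake.
# Tuple layout: (ingress interface, protocol, destination port, action).
AUTO_RULES = [
    ("wan", "UDP", 500, "allow"),   # IKE
    ("wan", "UDP", 4500, "allow"),  # NAT-T
    ("wan", "UDP", 1701, "allow"),  # L2TP
]
USER_RULES = [("wan", "ANY", None, "drop")]

LOG_RE = re.compile(r"Spoofed packet (\w+) (\S+) : (\d+) → (\S+) : (\d+)")

def route_for(ip):
    """Return the interface the routing table would use to reach `ip`."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, iface in ROUTES:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1]

def is_spoofed(iface, src):
    """Reverse-path style check (assumed model): a packet is spoofed when the
    reply to its source would leave through a different interface."""
    return route_for(src) != iface

def evaluate(iface, proto, src, dport, spoof_protection):
    """First-match evaluation: spoof check, then hidden auto rules, then user rules."""
    if spoof_protection and is_spoofed(iface, src):
        return "drop:spoofed"
    for r_if, r_proto, r_port, action in AUTO_RULES + USER_RULES:
        if r_if == iface and r_proto in (proto, "ANY") and r_port in (dport, None):
            return action
    return "drop"  # implicit default deny

def parse_spoof_log(line):
    """Parse the UTM-style spoof log line quoted above into its fields."""
    m = LOG_RE.search(line)
    if not m:
        return None
    proto, src, sport, dst, dport = m.groups()
    return proto, src, int(sport), dst, int(dport)
```

    With spoof protection off the handshake from 192.168.10.75 hits the hidden IKE rule and is allowed despite the visible drop; with it on, the same packet is rejected before any rule is consulted, which is exactly the behaviour the log line reports.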

  • So far so good, I was able to purchase a Sophos XG 115 rev 2 from ebay.com for about $130 USD shipped, which I think was an excellent deal :) It was apparently first purchased in 2017.

    Once I receive it I'll see what to do; right now it runs 17.1.1 MR-1.