
XG Firewall Home better h/w: UTM 110/120 Rev5 or XG 115 Rev2 ?

Hey guys, I'm fairly new to Sophos and I'm trying to get a home router in place with a decent firewall,

L2TP over IPSEC VPN without 3rd party clients, something around 100 mbit down, and 10 mbit up performance.

 

Right now I'm using a generic Asus home wireless router, and I will be changing that to be access point only,

and I'm either considering Sophos or something else that's fairly easy to set up, for example, an ubnt EdgeRouter.

 

So my question is, without spending a bunch of money, I can get some used UTM 110/120 rev5 (still newest I think ?)

or an XG 115 rev2 (one model older than the refreshed rev3), and I will be trying to install XG Firewall Home on it,

and I was just wondering which of these hardware boxes (or maybe something different ?) would be a better fit ?

 

Edit: From the specs pages, it looks like XG 115 r2 can do 350 mbit VPN compared to 180 mbit for UTM 110/120 r5,

so it seems the XG is a better unit even though they look virtually the same ?

 

I'd like it to be stable, of course, I don't need wireless, and I'm alright with opening the box up, replacing the SSD, etc.

It also has to be fanless because it will be sitting next to my PC :)

 

Any suggestions?

Thanks in advance!



  • Hi Martin,

    I believe so.

    Both firewalls work well on a VM. I have in the past run both on a VM, but to reduce the heat and power I went for a lower power box which works well. 

    Ian

  • I don't want to steer off topic here, but just testing UTM9 on a VM and how can this firewall rule possibly allow L2TP over IPSEC from outside on WAN ?

    Any to Any is set to Drop ...

     

  • Hi Martin,

    are you saying it is allowing it?  What does the VPN tab show and if you configured it during the installation as default, the rules will be hidden and have a higher priority than 1.

    A minor thing is rule 6 should be internal any any drop/reject.

    Ian

  • Maybe I'm not understanding the firewall and it works different than on other systems ... :)

     

    I created an l2tp server on the UTM, and I'm running it virtually with 2 NICs bridged,

    the other options such as reply to pings, etc., all seem to work although after playing

    with it for a brief period only I could not get the pings set up in a way where it would

    not respond to pings from WAN, but would respond to pings from LAN interfaces.

    (Of course I could set up firewall rules for that ..)

     

    But what's happening is that under firewall, I select show All rules, there's only

    the automatically setup ones, and I disabled all of them, and left any-any-drop

    and I can connect to my WAN interface l2tp server just fine ...

     

    EDIT: After I enable spoof protection it blocks access, ...

    I'm assuming things don't work properly because it's running on a VM

    and I'm testing from that same system that the VM is running on ...

     

    I see ... it's using my aliased .10.x instead of .12.x to connect to .12.70 (UTM)

    Spoofed packet UDP 192.168.10.75 : 500 → 192.168.12.70 : 500

  • So far so good, I was able to purchase a Sophos XG 115 rev 2

    from ebay.com for about $130 USD shipped which I think was

    an excellent deal :) It was apparently first purchased in 2017.

    Once I receive it I’ll see what to do, right now it runs 17.1.1 MR-1.

  • Ok, I was playing around with my "new" XG115 and it came with 17.1.1 MR-1 with an expired license (no surprise there)

     

    So I downloaded 4 ISOs, XG HW, XG SW, UTM HW, UTM SW and here are my findings ...

     

    XG HW - works and restores appliance to factory firmware, won't work because license is expired, home license doesn't work.

    XG SW - works great, you install the Home Serial and it will expire in year 2999, so a good choice, maybe best out of all 4?

    UTM HW - works as well, you just need to remove /etc/asg and register with UTM Home license. Install fix same as below.

    UTM SW - works great, use Home license, will expire in 3 years. Use "mount /dev/sdb1 /install" fix when installing from USB.

     

    No surprise both UTM ISOs work as they are virtually identical for contents,

    but what is surprising is that the XG SW knows it's running on a real appliance and it will configure itself for it.

     

  • I believe the answer to this question is:

    UTM 110/120 Rev5 is slower (hardware wise) than an XG 115 Rev2.