What is Sophos view on network access control?

I certainly wouldn't rely or use a UTM/XG for NAC. That's done at L2so you need to be looking at your switches and radius for 802.1x.

There was some interesting discussion ongoing in the EAP Sub forum.

https://community.sophos.com/products/xg-firewall/sophos-xg-beta-programs/sfos-v17-5-early-access/f/sophos-xg-17-5-early-access/108538/sync-sec-important-announcement-on-synchronized-security-features-on-xg-v17-5-early-access

Worth to read about NAC. 

Yeah, I was looking at that. It's interesting but I suspect there will be a few hurdles on the way and possibly a while before it's taken up. I understand the reasoning behind it as NAC can be a pain at times. It will be interesting to see how they deal with non managed clients and their interaction with switches etc

Thanks, I had seen that and it sounds good BUT it relies on devices having sophos endpoint client isntalled while a NAC solution protects agaisnt rogue devices too.

If anybody else finds this thread, there were a couple of interesting points mentioned in the comments. I think this one and the next 2 are to be highlighted: https://community.sophos.com/products/xg-firewall/sophos-xg-beta-programs/sfos-v17-5-early-access/f/sophos-xg-17-5-early-access/108538/sync-sec-important-announcement-on-synchronized-security-features-on-xg-v17-5-early-access/388405#388405 

I like the concept and it's another tool to use ie a NAC won't stop a virus spreading but this has the potential to. I do hope they adhere to standards to implement it and don't go of on a tangent like M$ does.

M$ in their infinite wisdom decided to create a non standard Wake on Lan proxy within their SCCM software. It allows clients with the SCCM client installed to share mac addresses so if a client goes to sleep, the mac address can switch to another client on that lan which then does the waking up.
Now that's fine, unless you've got a 802.1x network and it starts playing havoc with it when ports shut down due to seeing a new mac address. It's almost virus/worm like behavior and all because they decided to do their own thing like the did with their network load balancing etc.

So please Sophos.... don't do an M$ and create your own non standard protocol etc to achieve the end result.

I like the concept and it's another tool to use ie a NAC won't stop a virus spreading but this has the potential to. I do hope they adhere to standards to implement it and don't go of on a tangent like M$ does.

M$ in their infinite wisdom decided to create a non standard Wake on Lan proxy within their SCCM software. It allows clients with the SCCM client installed to share mac addresses so if a client goes to sleep, the mac address can switch to another client on that lan which then does the waking up.
Now that's fine, unless you've got a 802.1x network and it starts playing havoc with it when ports shut down due to seeing a new mac address. It's almost virus/worm like behavior and all because they decided to do their own thing like the did with their network load balancing etc.

So please Sophos.... don't do an M$ and create your own non standard protocol etc to achieve the end result.