Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 10 replies
  • Answers 2 answers
  • Subscribers 28 subscribers
  • Views 944 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WS1100 to Sophos XG Web Protection

tstan

Hi, 

We currently have a WS1100 appliance that has served us very well for a number of years.

As this is approaching EOL we will have to move to something else.

We now have Sophos XG210 and will probably use the Web Protection and App control on there to replace the WS1100. Does anyone know of any guides to help make this transfer easier. Looking at the XG, it does not seem as easy to use and configure as the WS1100.

Particularly interested in

1. How to add/sync the users from our AD domain, 
2. HTTPS scanning Exemptions
3. Certificate Validation

Many thanks for any information.

Trev



This thread was automatically locked due to age.
Parents
  • 0

    Hi, thanks for that, I have seen a couple of those, but I will have a look at the rest of them.

    I was hoping that as Sophos are making the WS1100 Appliance End of life, they may have had a guide showing how to move to Sophos XG web protection  sort of documentation. Show where is section on a WS1100 is on the Sophos XG...   wishful thinking I guess.

    thanks

    Trev

  • 0 in reply to tstan

    Its more likely complicated than this. 

    As XG uses a different approach compared to WS, its not that easy to move a existing configuration. Most likely you are doing a another approach in your setup. 

    XG Firewall is a "firewall product", which naturally sits in the traffic as a layer 3 device. WS was a explicit proxy, which Clients call. 

    Maybe you want to move to the DPI engine, (new in V18), which cannot work as a explicit proxy (the technology moving forward cannot be build around this concept). 

  • 0 in reply to LuCar Toni

    Hi, thanks for the information.

    I appreciated there are differences, but they can achieve more or less the same goals?

    The WS1100 web filter has sections for different aspects of web filtering, I just would like to know where those sections are represented in the Sophos XG Web filtering.

    HTTPS exceptions

    Certificate Validation

    Add a Site to the Site list for Trust or Block

    TCP listening Ports

    How does the XG link to AD and get a list of users.

    Sophos want users to move away from the WS1100 to the Sophos XG, so I though somewhere someone at Sophos may have created a "How To" guide 

  • 0 in reply to tstan

    Hello Tstan,

    Please take a look at this KB that has a bit more information about migrating from SWA to XG.

    Regards,

  • 0 in reply to emmosophos

    Thank you for that, I am looking through it now.. it does raise more questions, but helps thank you.

    I have the XG running and tested some web filtering, but

    I am now looking at integrating AD and have this follow up question:

    Trying to migrate from a Sophos Web Appliance - SWA WS1100 to Sophos XG Firewall. Following this guide:

    "How to integrate Sophos Firewall with Active Directory: KB-000035731"

    We have a forest Domain with 2 subdomains. The XG is for all domains

    Forest.com

              Domain1.forest.com

              Domain2.forest.com

     

    On the XG - In Authentication > Servers  click Add to configure the Active Directory:

    When adding the servers to the servers section in authentication on the XG,

    Do I add the Forest DC or the Domain1 and Domain2 AD servers.

    The SWA WS1100 uses the forest DC as the Active Directory Domain and for the Primary Domain Controller and imports all the users automatically from the other 2 sub domains.

    Our users are on each of the Domain1 and Domain2 AD Servers not the Forest.DC, If I just add the Forest.com AD server will it automatically bring in the users from the 2 subdomains.

    Thank you

     

  • 0 in reply to tstan

    Hello Tstan,

    You can just add the forest.com as long as the trusts are there, by default the subdomain child/parent trust should be there.

    In this case, since it works as in the SWA this should be the same in the XG.

    Regards,

Reply Children
No Data