
New XG125 w/ V4 Firmware

SOPHOS ISSUES   XG125 New Oct 2020

1) Extremely and I mean EXTREMELY slow admin interface.   Approx 15-30 seconds each and every time you make a change to any parameters before it is completed writing it, and refreshing the screen.   You need to plan carefully because if you have a dozen or more rules to add, it takes quite a long while to enter.

2) Screen does not allow enough space to see the name of the Address object; it cuts off after the 3rd segment, i.e.  192.168.100.    so you must mouse over each and every rule to find the right rule.   Very time consuming and needless.   Allow full width of the screen and the problem is solved.

3)  With 21 rules added and associated NATs entered, the XG is showing 78% memory usage.  What??   Why, I haven't entered any VLAN information yet.  What happens when it is 90, 95 or more % filled, does it just keel over?

4) It takes MINUTES to reboot, plan carefully because you will be offline for at least 5-6 minutes.

5) Right out of the box, could not configure 100/FULL Duplex, could not get WAN Link light.   Had to configure it 1GBe/FULL and pay the extra at the hosting facility. OK perhaps that is fine, but WHY?

6) VPN,  Cannot select from multiple VPN END POINT .   Meaning, if you have more than one location, you must rename the configuration file and use the configuration file specific to the End point you want to connect to.   Someone really has to be kidding with this one, it is not 1971 is it?

7) High CPU usage 50, 65, 80% CPU and the unit is not even active yet.  WHY?   It settles down after a while to 10, 20% but what is it doing during the other moments.   Again no traffic yet.

8) Some NAT Rules seem to go offline after 15-20 minutes and need to be resaved and take effect again for 15-20 minutes.   Not all of them, just some of them.  What?  Again how could that even be possible and really raises concerns about this particular device quality.   Regardless paying extra to have the authorized reseller research the issue but can't turn this on this way.

POSITIVES

     Country blocking interface is easy to configure and worked reasonably well.   But not certain the SOPHOS Country IP list is really up to date, because it is letting through some that are "Blocked" zones.

     Cost, it was cheaper than all of the other manufacturers at similar hardware levels by 30%.   Got me to buy it, but see issues...is it worth the extra trouble?

     Some reporting seems better than others like Sonicwall, CISCO ASA (whose reporting is really quite inadequate by default), but Sonicwalls don't have the other 8 problems above and we have had a dozen of them of all sizes.

     Colors on the graphs are nice, but what pertinent information am I getting with those graphs?

Lastly, all of this having been said.   There might be corrections available for #5, #6, #8.   But the others seem like something we would have to just live with...not sure that is reasonable to and very uncomfortable putting any load on this with CPU and Memory where it seems to be.   We have an SG125 also that we loaded the XG software onto as well...same thing (except #8 not happening).



This thread was automatically locked due to age.
  • XG resource and webadmin consumption are basically another approach. The Webadmin should be faster in regards to your response time but will not get slower than your current experience, even if you pump the configuration full. That's a pro statement. The database is built to get as many objects and as much configuration into it as possible, without losing speed. What you can do: Use Central Management to get your configuration done: In Central you can configure most of your stuff in a quick manner (as it uses the cloud backend). It will then push the configuration to the XG.

    The Webadmin does not have the highest priority compared to other modules. Simply because the hardware is limited to its own resources and Sophos needs to think about: Should the appliance get slower in throughput, if somebody starts to configure something? That's the reason the appliance does not give you many resources to deal with the webadmin.

    Do not think about the Mem / CPU consumption. It will not increase, if you add 100 VLANs. It will not increase if you add 500 VLANs plus more Rules. The backend already placed its bet on your configuration. 

    About your VPN Point: I am not able to understand what you mean. Are you talking about Site to Site VPN or Remote access? Sophos promotes Sophos Connect (own VPN Client for IPsec/SSLVPN). Should be one config file for everything and it's free.

    Your NAT issue looks odd to me. I would recommend not using Linked NAT Rules. Instead only NAT rules for your needs (DNAT for example) and everything else fetched by the Default SNAT Rule on the bottom to MASQ the traffic to WAN. 

  • Hi LuCar,  Thank you for your thoughts.  I will look into Central Management which seems like a reasonable option.   For the last point with the NATs stopping, our FW's vendor redid their data entry setup and suggests the problem should go away now.

    Best Regards,

    Robert
