Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 10 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 1551 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Some advise for private usage of Sophos products

Matthias Gerhardt

Hello community,

I am currently very unhappy with Sophos and the usage for private networks.

My current issues are:

  • Several technical issues: SFP-VDSL2 not working, joining the Sophos Central not possible
  • Licensing: The entire license structure is quite unclear to me, especially at reasonable costs
  • Ending on-premise endpoints in summer 2023

So going back to the planing, here is what I want:

  • Securing my private network including two Laptops of the company, I am working for (Home Office)
  • Securing my private devices including MacBook, Windows Laptop, tablets (Apple, Huawei) and Smartphones (Apple, Samsung) - 2 persons using this
  • Securing my private NAS
  • Securing some IoT/SmartHome devices, like Neato Vacuum cleaner, Logitech Harmony Hubs, Sonos speaker, SmartTV, …
  • Secure connection to one VPS Server and my parents place

By securing I mean especially:

  • Avoid threats for the devices like Maleware, Ransomware and so on.
  • Avoid this marketing/advertising tracking, which is so much on the internet, at least on a certain level

What I already do have as hardware:

  • Sophos XG106, including to not properly working VDSL2-SFP-modems
  • Ruckus r510 Access Point
  • TPLink managed Switch with PoE
  • FritzBox 7530

Reasonable costs besides buying the hardware are annual fees up to 40€. I know, it‘s not much, but much more usually private persons spend for security subscriptions.

At the moment, I am quite unsure what‘s happening with Sophos aggressive Cloud strategy and which licenses in which size I do need and which costs a have calculate. From a technical point of view, running a FritzBox with PiHole as local DNS worked better for me, although I know, that none of these components deliver more than basic network security.

Thanks for your advise.



This thread was automatically locked due to age.

Top Replies

  • +1 suggested

    Hi,

    I would suggest you put the fritzbox in passthrough mode while you are waiting for an answer on the VDSL issue. What Is not clear to me with your VDSL issue, is the device you are using a sophos compatible or another supplier hardware.

    You can secure all your IoT devices to varying degrees, depends on how serious you are.

    You can stop a lot of advertising but not all because some sites have embedded the install attention seeking advert in their web page, absolute pain, the connecting links get blocked.

    Connecting to a VSP server I can't help there and your parents place will depend on what they are using as their firewall device?

    Your endpoint expiry will be when you licence expires.

    The licence module cost for XG licences is based on your XG106's power. The licence fees are 1, 2 or 3 year subscription with dual anti-virus, geoIP and application firmware updates included.

    1/. web proxy licence for advert scanning etc

    2/. mail proxy for mail scanning

    3/. network protection

    4/. base firewall

    The other modules, unless you have a fileserver that you wan to access from the internet are not necessary. Sandstorm probably not for home.

    Central is a free licence with the condition that you can only store 7 days of data and not full functionality.

    When you purchased the XG106 you would have been advised of the various modules and licensing costs. I would recommend that you talk to your reseller/partner for more details.

    Support, first level support is basically these forums and because you have a paid licence the support portal to create cases.

    I am a home user and can assist you with some of your setup information if you need it.

    Ian

    Jump to answer
Parents
  • 0

    I am using an XGS for work-from-home and it is quite reasonable. If you want a cheaper option, there are many choices ranging from ISP-provided devices to Ubiquiti, Mikrotik, and PFSense. (I forgot to add the Firewall Home Edition on your own hardware, with limitations, for free. I think this is SFOS, not UTM.)  Sophos is commercial-grade and has a great price point at the low end.

    The fee structure has been simplified, and provides a lot of value. Less-expensive consumer-grade devices do not provide the ongoing updates that Sophos does. At least I'm not aware of any inexpensive devices that automatically update various components on a two-hour schedule. if you get a cheaper device that includes Snort and then pay for daily Snort updates (or is it weekly?) you'll be paying way more than what you mention. You can use the less-expensive or free Snort updates if you're willing to be a month or more behind, but that's your choice.

    I'll admit that I still haven't figured what advantage there is to a 3-year subscription. There doesn't appear to be a major price break. And having to buy through reseller channels is... painful. But that's the way commercial vendors work and this is a commercial device.

    If I were complaining, I'd complain that they require stepping up to a more expensive and over-spec'd device to get an SSD. I should be able to plug in a USB SSD and have on-device logging. Also, the whole Sophos Licensing (MySophos) website thing is crazy confusing. But trying to get Sophos to offer a consumer-grade/consumer-priced device doesn't make sense to me.

  • 0 in reply to Wayne Folta

    Thanks for answering. Well, I have purchased the XG106 via private Market not at a reselling partner.

    Nevertheless, maybe best option is to call a Sophos Partner in Germany and getting some advise on the licenses.

Reply Children
No Data