XG / XGS ongoing issues list

Hi there,

I've been hesitant with moving from SG to XGS. I did dip my toe into the XG pool by setting up one location with an XG Firewall, however the experience was poor. So I'm currently planning a hardware refresh with SG for the next 3 years as I still think XGS is half-baked. I'm aware that XG is old, and XGS is a newer version and might be better than XG, however...

Issue #1 - I have had many issues with our XG router not renewing its WAN IP when the ISP changes it. I hear this is still an issue in XGS.

Issue #2 - There is no release/renew for any interfaces. I hear this is still an issue in XGS. And yes, a workaround is to assign a static IP, and then remove it... but if SOPHOS can't correct something simple like this for years... I can only imagine what other issues that I don't know about are also still un-fixed. 

Issue #3 - I use one of our SG devices as an internal relay for our Copiers. I have a consultant that deals with SOPHOS across many client businesses, and they've told me that they gave up on using the mail relay on XGS as it has been unreliable. They moved their clients to a paid mail-relay-service because of how poorly it works. 

These are some of the issues I recall off the top of my head. I'd be interested in feedback on these issues.

Also if anyone knows of other problems like these, that I may not be aware of, please add them to this list.

Thanks 



  • Issue #3 - you are talking from hearsay here. I can't confirm this at all for V18.5.x and V19.0.1 and we have several customers using XG/XGS

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Not hearsay...

    I admitted I don't have an example to test myself, and I have a credible resource who has many clients with XGS and they have had a bad go of it. So, I am looking for confirmation and feedback from the community if it's an issue, or that it's not. I'm just not looking to dive in, and arrive at a problem.  

  • All I can say from my own experience: XG/XGS is a different platform from SG-UTM. So test the functions you need step by step and try to achieve your goals. There is no 1:1 replacement.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner


  • I don't have a huge sample size but I've used the onboard mail relay a few times without a problem. I'd be interested in hearing what the actual problems are though.

  • Me too. I would be interested in real world experience.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner


  • We've used the relay functionality at just about every site, anywhere we have migrated to Office 365 and no longer have Exchange on premise. I've not really seen any issues with it; it seems to work fine as long as it's been configured correctly. I often see people forget to change the HELO name it uses (defaults to "Sophos") and a few other quirks, but it just seems to work.

    It's funny, but the exact thing that was mentioned in #3 about using it for multifunctions is exactly why we use it: we would have systems that wouldn't talk TLS properly and freak out if trying to relay via 365. Plus it has made diagnosing issues far simpler as we can jump on the XG and see the email transaction, whereas when scanners were talking directly to 365, you'd not always get data in the message tracking to identify what was going on.

  • OK - Let me rephrase the point about #3. 

    In general SMTP Relay works fine. 

    SMTP Auth is something which is not RFC standard. This means you cannot do an authentication against SFOS using SMTP Auth. This is oftentimes used from WAN devices to use the firewall/MTA to relay back to the internet. This is not working.

    If you use the Host based Relay option, there is no problem (and in general it is the same - IP based or Auth based relay will do the same). SMTP auth would be "more flexible" though.

    So the part about "Relay to O365" should not be a problem, if it's an internal network device. If you have an external device (like a service), there could be a potential limitation.

    And to rephrase my point earlier: Personally I see a potential problem in using an MTA Relay firewall for this option. Simply because the firewall (UTM and SFOS) does not offer the proper tools to track this. So you are starting to have multiple points of email history (for example Exchange and the firewall) which have different histories. The logging on your mail product like Exchange is incomplete etc.
