Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 2 replies
  • Subscribers 29 subscribers
  • Views 1069 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG firewall Home

onweg karl

Does anyone uses Sophos firewall home? Is it wort trying? I use PFSense now, with lots of settings ( pfblocker, snort, ha proxy, 2 VPN, 5 VLAN). Is the home version enough for these https://nox.tips/? Thanks for the answers.



This thread was automatically locked due to age.
  • 0

    Hello ,

    Thank you for reaching out to the community, everything you need to know about the Home edition - https://www.sophos.com/en-us/free-tools/sophos-xg-firewall-home-edition

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • +1

    Hello!

    onweg karl said:
    Is the home version enough for these?

    Yes, snort on PFsense have a 30 days delay on signature updates, even then It isn't as useful since It has no tuning at all. Meanwhile with Sophos Firewall the IPS signatures are available as soon as possible, also there's a easy interface which allows you to use different IPS policies (signatures) depending on which traffic you want through Firewall rules. (By creating IPS Policies)

    For pfblocker, you won't be able to import the DNS lists directly to the Firewall since It doesn't have DNS filtering capabilities.

    But, since the Firewall is able to inspect traffic directly at L7 through DPI you can use those list with Web Filtering policies, the difference on this is - It doesn't have to depend on DNS traffic at all, even if a client is using DNS over HTTPS/TLS the Firewall is still able to block any (Web traffic) domain you want through DPI, at any (TCP) port interdependently if the traffic is TLS encrypted or not. (It can block TLS traffic through DPI by analyzing the certificate SNI.)

    For haproxy you can use the WAF function, but I recommend you to setup your own reverse proxy since the WAF doesn't have TLS 1.3 or HTTP/2 capabilities.

    VLAN's is fully supported even on bridge interfaces, also depending on your VPN setup It should be the same thing. (IPsec or SSLVPN, which is OpenVPN.)

    At last, I recommend you to look at the Docs to get a understanding on the basics of the Firewall, you can read them though here.

    Thanks!

    If a post solves your question use the 'Verify Answer' button.

    XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.

Unfiltered HTML