Sigh, okay I am trying XG again...

I have it installed, and I *think* I have some things configured correctly. I have been running this only a couple of days, and that is longer than any time before. ;) So, there is some hope still of me keeping this (long-time UTM user - old dog, new tricks issues).

I do have some questions and concerns about XG:

- Why are we not allowed to edit the Exceptions lists that are built-in?  Microsoft Updates are disabled by default in exceptions, and Office Updates are being blocked by default.  That's a bit concerning to me.

- Rules and Policies are still an absolute mess to me, but the Assistant does help a little bit (a lot) with this.  Thank you for that tool built-in.

- I do a lot of gaming and I am used to having to open ports to make things work. I have yet to open a gaming port after being on XG - how is that possible? And adding a custom port to open (HomeAssistant) was painful to get right. Does XG 'just know' what to block here? This is my big concern with this: a rogue PC/device/etc. on the local LAN transmitting out to a site. It seems pretty solid for anything incoming, but outgoing I question. Perhaps I don't understand the behavior of XG in how it handles outbound traffic, but at first look it feels like everything is open and you have to close everything up, completely contradictory to what it's always been.

- I have an extremely large list of web ad URLs. It appears that the only thing I can use to add this for filtering is creating categories and applying them to be blocked in my policy. The issue I have with this is that I am only allowed 2,000 entries per category, so this isn't an effective method of blocking ads. I had to create seven categories and add them to a policy to filter out some ads (aside from any other filtering going on). I could have just set this up completely wrong, but that was the only thing I saw where I could import text files.

- Is there going to be any kind of allowed modification to change the display, such as the connection list? I have a 4k monitor with a 3840 resolution. I have to scroll through everything to be able to see it all, even with this large a resolution, because these lists don't adapt to screen sizes.

I have more, but I can make another post or reply later on. I'm sure   will hate me being here (ha!) as I am pretty critical of this software and keeping them on their toes. I really do want to like it and use it, but I have no time for boxing matches with software, and if it's not for me then so be it. I'll give it a fair try this time (in the past I've only been able to stomach this software for about four hours before I went back to UTM).
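
The ad-list point above (a 2,000-entry cap per custom category, seven categories for one list) is the kind of chore a small script takes care of. The following is an added example for this thread, not code from the poster or from Sophos: it normalizes a public hosts-style or plain-domain blocklist (comments, duplicates, case, `0.0.0.0`/`127.0.0.1` prefixes, `||host^` adblock rules) and writes it out as files of at most 2,000 domains each, one per file per category. Three things are assumptions to verify on your own XG before relying on them: that the category import takes one domain per line, the 2,000 cap itself (taken from the post), and the optional subdomain collapsing, which is only correct if the filter matches a category domain against its subdomains. The sample list embedded in the script is constructed.

```python
"""Split an oversized ad/tracker blocklist into import files that fit a
per-category entry cap (2,000 in the post above).

Added example for this thread, not Sophos code. ASSUMPTIONS: the appliance
imports one domain per line, and (only if you enable --collapse) matches a
category domain against all of its subdomains. Check both on your own box.
"""
import ipaddress
from pathlib import Path
from typing import Iterable, List, Optional

MAX_PER_CATEGORY = 2000  # cap reported in the post; assumed, not verified here

# Constructed sample mixing the formats public lists use: hosts-file lines,
# plain domains, adblock rules, comments, duplicates and junk.
SAMPLE_LIST = """\
# constructed sample blocklist, not a real list
127.0.0.1 localhost
0.0.0.0 ads.example.com
0.0.0.0 ADS.EXAMPLE.COM      # same entry, different case
0.0.0.0 tracker.example.net
tracker.example.net
0.0.0.0 cdn.tracker.example.net
||pixel.example.org^
example.com##.ad-banner
0.0.0.0 0.0.0.0
not a domain!
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain", "local", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}


def _is_ip(text: str) -> bool:
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def _valid_label(label: str) -> bool:
    # RFC 1123 hostname label: 1-63 chars, letters/digits/hyphen, no edge hyphens
    return (0 < len(label) <= 63 and label.replace("-", "a").isalnum()
            and not label.startswith("-") and not label.endswith("-"))


def parse_entry(line: str) -> Optional[str]:
    """Return the lowercase domain named by one list line, or None if there is none."""
    if "##" in line:                      # adblock cosmetic rule, not a host to block
        return None
    line = line.split("#", 1)[0].strip()  # drop trailing comments
    if not line:
        return None
    if line.startswith("||") and line.endswith("^"):  # adblock domain rule ||host^
        line = line[2:-1]
    parts = line.split()
    # hosts-file style "<ip> <name>": take the name; plain domain lines pass through
    cand = parts[1] if len(parts) >= 2 and _is_ip(parts[0]) else parts[0]
    cand = cand.lower().rstrip(".")
    if cand in LOCAL_NAMES or _is_ip(cand):
        return None
    labels = cand.split(".")
    if len(labels) < 2 or not all(_valid_label(lbl) for lbl in labels):
        return None
    return cand


def normalize(text: str) -> List[str]:
    """Deduplicated, sorted domains from a whole list body."""
    return sorted({d for d in (parse_entry(ln) for ln in text.splitlines()) if d})


def collapse_subdomains(domains: Iterable[str]) -> List[str]:
    """Drop entries already covered by a listed parent (ads.x.com when x.com is listed).
    ASSUMPTION: only correct if the filter matches subdomains of a category entry."""
    kept = set()
    for d in sorted(domains, key=lambda s: s.count(".")):  # parents before children
        labels = d.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels) - 1)}
        if not parents & kept:
            kept.add(d)
    return sorted(kept)


def chunk(domains: List[str], size: int = MAX_PER_CATEGORY) -> List[List[str]]:
    """Cut the list into pieces of at most `size` entries, one per category."""
    return [domains[i:i + size] for i in range(0, len(domains), size)]


def write_chunks(domains: List[str], out_dir: str, prefix: str = "ads",
                 size: int = MAX_PER_CATEGORY) -> List[Path]:
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    paths = []
    for n, part in enumerate(chunk(domains, size), start=1):
        p = out / f"{prefix}-{n:02d}.txt"  # one file per custom category
        p.write_text("\n".join(part) + "\n")
        paths.append(p)
    return paths


if __name__ == "__main__":
    import sys
    files = [a for a in sys.argv[1:] if not a.startswith("--")]
    text = Path(files[0]).read_text(errors="replace") if files else SAMPLE_LIST
    domains = normalize(text)
    if "--collapse" in sys.argv:
        domains = collapse_subdomains(domains)
    written = write_chunks(domains, "xg-categories")
    print(f"{len(domains)} domains -> {len(written)} category file(s) in xg-categories/")
```

Run it as `python split_blocklist.py hosts.txt` (optionally `--collapse`) and import each `xg-categories/ads-NN.txt` into its own custom category; deduplication alone usually shrinks merged public lists noticeably, so count the output files before creating categories. Keep the file names and the category names aligned so a refreshed list can be re-imported category by category.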

  • And to be honest, if you are a home user only, the question is: why stick with UTM/SFOS in the first place? Other products on the market offer you a set of technologies for the home network only.

    *scratches head*

    I don't think I've seen anyone try harder to get rid of a customer, to be honest. I use it because, quite frankly, I may have been using this product since long before you were at Sophos, perhaps? It's been my go-to all the time I've ever been in I.T. I've administered it, implemented it, supported it, and it's been a solid product. You think I'm being critical because I don't like it or something. Far from it, I actually do like, pay for, and use Sophos products, and I tell people to use it! It fits the needs at home as well, so that's just a bonus, and Sophos has been gracious to offer a home use license. That doesn't excuse decisions that may make no sense, or features that have been waited on for years that both commercial and personal users could benefit from. I wasn't even being critical in this post, I was clearly asking for information/help. And I got it. But hey, I can easily disappear if that's what you are trying for here.

    First of all - SFOS (and UTM) was never built to be used in a home network. That is the reason some of those points do not apply to most customers (at all). The reason is: home networks use weird approaches to certain technologies, as most software vendors expect to have "internet access". For example, if you look at most IoT hardware and how it works, you see weird implementations of connection technologies.

    I'll also go ahead and disagree with you here. It's a network. There's nothing more magical about it than a fiber backbone airport running 50 servers and 500 clients, it's a network. It's basic, not complex. Software applications require open ports to operate, and need to be secured against ports used in attacks - there's nothing different. What is "weird" about IoT? The only thing Sophos would ever be concerned about is ports, which it handles fine. WAF maybe? Again, something already built into UTM/XG. So it can't handle a basic setup and is only geared towards complex environments?

    Again the same answer as above - this is something only home users follow up on. Using web categories is a way to do this, yes - but I am doing it client-based (on the client itself) and not on a firewall.

    I'd have to actually agree with you on this point, it's just much easier at the client level to manage URLs. If there was a way I could just import one list like UTM, hey, all the better. The problem with client tools, especially on smartphones, is there frankly isn't much there. PCs, sure, all the time. Phones are another story and very limited when it comes to effective blocking. I was still blocking ads in UTM when the phones could not, it was helpful. Overall I get it though, just easier at the client.

    XG 19.5 GA 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | GB Ethernet x5

  • If you do not decrypt, you will likely not fetch Eicar at all. 


  • The big difference is IoT / Home Setups have different components compared to business networks.

    It starts with documentation of software. Most (not all) business applications will come with documentation of "how it works": what ports are needed, whether inspection of the TLS traffic works, etc.
    You will not find this in any kind of IoT / home network. My current network has 40 devices. 38 of them are completely opaque as to how they work. I could spend time and reverse engineer what they are actually doing, like I did for example for some games. But what is the point if they will break with the next update? Or some games have randomized dedicated game servers, so you have no way to inspect this at all. The other devices are stuff like TVs, IoT devices etc. Most of them make wild connections to the internet and do stuff.

    You will find this kind of IoT in Business networks as well, but you will most likely separate them from the network and simply allow WAN access only. 

    BTW: the movement towards port 443 is there anyway. So the time of "which port do I need to run this?" is over.

    I am not here to get rid of you or anything. You can use the product as long as you want and you can also criticize the product. I just wanted to give some insight into why certain features may not be in the product.
    I was simply answering your point about "you do not want to waste your time". Certainly most people here are willing to answer all questions about the migration steps.


  • I was decrypting. The browser was fetching the Eicar.com file and allowing the download at first, but DPI was blocking the .zip files of eicar. Then after opening incognito mode or a private window, DPI caught the Eicar.com file. I only suspected that the link for eicar was saved in the download history and the browser was going from its cache instead. It's working now. Especially odd that the TLS/SSL Decryption rule is set to Action="do not decrypt" by default.

    Until I disabled the default rule and created a new one.

    EDIT: DPI was not detecting the virus but the download URL, as the "Spyware and Malware" category, UNTIL I created a new rule and disabled the default one.
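
A client with no browser cache or download history to replay removes the ambiguity described in the post above: fetch the EICAR test files with plain HTTP(S) requests and compare what arrives with the expected 68 bytes. The script below is an added example for this thread, not code from the poster or from Sophos. Assumptions: eicar.org still publishes the test files at the URLs in `TEST_URLS` (check before use), the block-page detection is a keyword heuristic you may need to extend for your own block page, and the `served`/`blocked`/`other` verdicts are this script's own labels, not firewall terminology.

```python
"""Check what the firewall does with a fresh EICAR download, using a client
that has no browser cache or download history to replay.

Added example for this thread, not Sophos code. ASSUMPTIONS: eicar.org still
serves the test files at TEST_URLS (verify first), and block pages are
recognised by a keyword heuristic that you may need to extend.
"""
import sys
import time
import urllib.error
import urllib.request
from typing import Iterable, Tuple

# The standard 68-byte EICAR test file. Harmless by design; scanners flag it on purpose.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

TEST_URLS = [
    "https://secure.eicar.org/eicar.com",
    "https://secure.eicar.org/eicar.com.txt",
]

BLOCK_WORDS = ("blocked", "virus", "malware", "denied", "prohibited")


def classify(status: int, body: bytes) -> str:
    """Label one fetch result.
    served  : HTTP 200 and the exact EICAR bytes arrived, so nothing inline stopped it
    blocked : a 403, or a body that is not EICAR and reads like a block page
    other   : connection dropped, TLS failure or unexpected content; inspect by hand
    """
    if status == 200 and body.strip() == EICAR:
        return "served"
    text = body.decode("utf-8", "replace").lower()
    if status == 403 or any(w in text for w in BLOCK_WORDS):
        return "blocked"
    return "other"


def fetch(url: str, timeout: float = 20.0) -> Tuple[int, bytes]:
    """GET with no-cache headers and a unique query string so no proxy serves a stale copy.
    urllib keeps no cache of its own, which is the point compared with the browser."""
    req = urllib.request.Request(
        f"{url}?nocache={int(time.time() * 1000)}",
        headers={"Cache-Control": "no-cache", "Pragma": "no-cache",
                 "User-Agent": "eicar-check/1.0"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as e:            # block pages usually arrive as 403 + HTML
        return e.code, e.read()
    except (urllib.error.URLError, OSError) as e:  # reset/timeout: the firewall may have dropped it
        return 0, str(e).encode()


def run(urls: Iterable[str]) -> int:
    """Fetch every URL; exit status 0 = all blocked, 1 = inconclusive, 2 = a sample got through."""
    worst = 0
    for url in urls:
        status, body = fetch(url)
        verdict = classify(status, body)
        print(f"{verdict:8} HTTP {status:3d}  {url}")
        worst = max(worst, {"blocked": 0, "other": 1, "served": 2}[verdict])
    return worst


if __name__ == "__main__":
    sys.exit(run(sys.argv[1:] or TEST_URLS))
```

Run it from a client behind the firewall, once with the decryption rule you are testing and once without, and compare the verdicts; a `served` result for the plain `.com` file alongside a `blocked` one for an archive variant (pass the `.zip` URL on the command line, the byte comparison will then report `other` or `blocked` rather than `served`) tells you which scanning path actually fired, without the browser's download history in the way.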