
I think I want to cry

What is this? What has happened to such a great product? 

Setup was horrible. It used to be so simple: set up basic networking during install. Once I finally got in after having to change my network around, I still haven't figured out how to set up a simple NAT.

I work for a tech company where I used to throw your name out in our meetings all the time on how we should be doing things.

I thought ESET's new version was a pain.



This thread was automatically locked due to age.
  • Hi,
    If you come from a UTM background you consider this product still in beta and very good for home use. If you come from a Cyberoam background you think this is an excellent release.
    So much is still broken or not finished and as a security product it is not up to any corporate standard. Sophos might be selling this product as the way of the future firewall security, but this version is just ruining their reputation, which they will have a very hard time recovering from. I do realise that these forums are for user-to-user support, but the occasional visit by somebody who knows what is being fixed and when would help improve user/customer confidence.
  • I would also challenge it being good for 'home use' at this point. XG breaks way too many things and in order to get things working we need to disable things like HTTP scanning & turn off web filter. I am hard at work looking for a replacement product for my home. I thought UTM was bad for the home but at least you could just create Regex entries to get things like Netflix & gaming consoles working without completely turning off security for those devices. I am with you: Sophos is very much giving us a sour taste and that's going to be hard to reverse.
  • If either of you can tell me how to set up a NAT, I am willing to give this thing a try. Luckily, I am trying it out at home first. So glad I didn't upgrade at work but that is why I am trying it out. Our license runs out in a few months.

    I go to Objects, Policies, Network Address Translation but all I can do is put a name and IP address in. Where do I configure the rest?

    Speaking of Objects or System or anything else. I search on how to do things and they reference going to those places but how is someone supposed to know what those things are? All I have are icons that don't tell me what they are. I have to drill down and click on something to figure out what section I am in.

    And the install??? I wasn't even sure if it was installing. It told me it was updating the firmware. What?????

  • OK, I think I get the NAT & firewall rule setup. Weird but OK. Now on to getting VPN access working.
  • Everything you need is under policies. They have changed the layout quite a bit, especially if you are used to using simple NAT/Masq/firewall rule style firewalls. They have added the ability to allow policy-based rules depending on user, then apply NAT/virus scan/web filtering etc. all together in one location.

    At first glance that seems like an ideal situation but it has its drawbacks as others have pointed out above. Happy testing...
  • I have NAT, HTTP, IMAP/S, POP3/S, dual anti-whatever scanning, ATP and IPS enabled. I have 3 policies in place; one I don't think is set up correctly because it never reports traffic. It is country blocking.
    All my mail except https goes through the mail policy, there is no scan function for https in the mail area. Maybe I need to explore further. Mail scanning does work, but the statistics are screwed. According to the XG statistics I receive between 500-1000 mail messages a day. I suspect the reporting is just showing up a bug in the imap/s scanning processes. POP3/s seems to show usage correctly.

    To get the above functions working you need either client or clientless setup; without either of those, the policies don't work correctly. There is poor function with clientless in this version of XG in that you can't set up individual addresses because they require a mail address. I am led to believe this will be changed in the next release. So you can then assign fixed IP addressing to devices on your network.
    Once you start using clientless for those that don't have a home authentication system you will understand why XG is good for home or small business only. The updates to AV etc. packages appear to be slightly random, or maybe when somebody gets around to it, because there weren't any over Christmas (subject of another thread); otherwise every couple of days.

    Edited to correct typing and spelling errors 19 Jan 2016 Ian M

  • Completely understand your frustration. I have been on the "beta" for several months now and you're going to find a lot of really simple basic things that you just can't do. Certain things you just can't rename after you create them, e.g. traffic shaping policies, network interfaces. Static IP mappings for hosts went from really easy with the unified host view to totally separated. Right now I have a host that I want to put a static IP mapping for on two networks and the interface tells me I can't put it on the second DHCP network scope because the MAC is already assigned to the other, completely different network scope. And what the heck did they do to logging? Bring back the old way. Trying to open and troubleshoot what an issue is through the new log interface is a nightmare. It's a constant scrolling adventure left/right if you don't have a high resolution monitor. I haven't even found a spot where you can actually easily search through all the logs. The more I use it the more I dislike it; in fact I am actually going to switch back to pfSense or some other open source product very soon. Honestly I am not even sure why this was released as so-called "beta"; it's missing so much basic stuff that the Sophos UTM customer needs that who would actually deploy this even in a home network? It's more like alpha software. They are a long way from actual deployment into production company networks.

    Good luck in your testing.

  • I could not agree with you more. I myself am taking this time to look at other products. I have used pfSense and Untangle, and even with some of the shortfalls of those products they are leaps ahead right now in many areas. It seems the only ones that seem to think they have a winning product is Sophos. All this complaining falls on deaf ears. Even in the beta program, complete silence from Sophos. Don't know what Sophos is smoking but they better go to rehab and get on board with this or it's going to continue to fail.
  • Agreed, Sophos is doing some really crummy business right now.
    I thought the beta was bad, but they did promise to make some changes.
    Now that I am on final, I see it's pretty much the same with some tweaks.

    However luckily I don't have to use Sophos on a professional level anymore, and at home it works quite OK
    that is for 1 User ;)
  • The XG85 is my first Sophos device. I bought it based on the solid reputation of Sophos. This device is, however, really hard to configure and still full of bugs. The documentation is poor; most relevant documents are for the UTM. Is there a way to get under the hood to configure? Even the CLI does not allow setting the network and NAT parameters properly.