I am new to SOPHOS XG but not firewalls; however:
We just purchased an XG 105 with Enterprise Protect and I am having issues where the bandwidth is completely saturated after a short period of time online. I have no idea on how to find out what internal IP addresses are causing the issue or how to throttle this. My user list is blank (apparently need to install clients on each workstation? Add AD awareness? Beats me . . ). Reading the Admin manual was not much help, will be going back to it again though in the mean time.
Currently, I have our old CISCO RW220 back online but it is having issues so it cannot stay. This was never an issue with our CISCO (or any other firewall I've configured), why is our bandwidth being saturated by Windows updates now and how can I find a report that shows what computers are taking this bandwidth. The traffic dashboard just tells me the total, not broken down per internal IP. I applaud the breakout of all the other information (ex. application classifications, destination hosts, protocol, etc.) but not simply what internal computers are requesting the majority of this traffic.
Until I can find a way to stop this, the SOPHOS is on the shelf.
On a side note, are there classes for this or some paid service to setup initial configurations? I've had to muddle through the initial setup with more difficulty than I've had with any other UTM. I felt like a first year IT student again. . . I need to move our local Exchange 2016 server into a DMZ too (right now couldn't even get the templates for Exchange to work and am using a Non-HTTP rule) and we are not using a 10th of the features we should be.
This thread was automatically locked due to age.
