Hi there. I just recently converted from UTM 9 to XG. Unfortunately it's proving to be quite a steep learning curve. One problem I've encountered is that XG seems not to be letting me access certain websites from the LAN. Just by way of example, Facebook works just fine, but Stackexchange returns a 504. The most frustrating part is that online help for the XG is timing out with a 504.
When walking through the Wizard to select policies for LAN to WAN, I chose the default workplace policy for the Web Filter, none for the App Filter and LAN TO WAN for IPS. As an aside, I'm a bit perplexed by the choices - should I have picked WAN to LAN if my primary objective is to secure from external attacks rather than secure clients on the LAN?
In any event, when I started getting the 504 errors (which seemed to be website-specific), I turned off the Web Filter altogether, but that didn't help. I haven't made any other changes. I assume it has something to do with IPS, but am having quite a bit of trouble figuring out how to tweak the default policy. While I'm happy to do a bit of work on my own part to try to figure that out, the problem for me right now is that docs.sophos.com times out, so I can't access online help.
Perhaps on a completely unrelated note, I noticed that there is a virtual appliance available for XG. In the past, based on what I've read, most folks seem to suggest that firewalls, UTMs and the like should always be installed on bare metal, for security reasons - i.e. external attackers could target the physical host and VM environment to work around the firewall. Is that still the case either generically or with XG? Or is that outdated thinking? The reason I ask is because I'd very much prefer to set up XG on vSphere if it doesn't materially compromise security, so that if I ever need to shift to another firewall, I could spin it up on the same box and switch back and forth more easily during transition. Plus of course the other benefits of virtualization.
Any thoughts on the above would be most appreciated.