How is it going so far?

Hi guys,

How's your Sophos XG firewall experience so far? I've been deploying and administering this technology since its beta release, and I've had a roller-coaster ride with this one up to now, and I'm kinda enjoying the challenge. Sometimes frustrating, but all in all it's been a rewarding one.

Hope you can share yours,

Thanks,

Rap



  • Rap,

    The XG is crazy and making it work is really challenging (sometimes). Understanding what's wrong is a nightmare. I have been using it since beta too at home (never rolled back to UTM) and I have installed it at some small customers (XG 210 for example) and it is working quite well. Logging and reports are still not complete, MTA is not working and complete at the moment, but I can say that:

    • web filtering is easy to use and allows multiple profiles easily (waiting for Sophos URL filtering instead of WINGc)
    • IPS on the Sophos Appliance is working well and it is per-rule based
    • WAF uses templates and it is easy for customers to use the WAF module
    • VPN S2S is easy to set up and all in 2 tabs (UTM requires more than 2 tabs)
    • Command line helps (even if commands are not using a standard. Sometimes the switch "show" is at the end and sometimes at the beginning)

    It is improving a lot and it is more stable (as I read from Community users). MR3 integrates almost 100 bug fixes, so waiting for v17.

    Regards

  • Hi Luk,

    I agree with what you say, that "XG is crazy", yet I can't wait to see how it matures and improves in the next version release.

    Thanks for sharing,

    Regards,

    Rap

  • I have written about XG many times and I will give you a short version.

    XG is great for home use or maybe really small shops where logging is not a big concern, but with the current logging capabilities, I would not recommend it for any complicated setups.

    I like granular QoS in XG but again, it is geared toward home users. You can do all kinds of fancy things with QoS, throttling apps and regular web surfing alike. However, no QoS on interfaces makes it useless, for example, if you have multiple WAN interfaces with different bandwidths.

    The dashboard is nice to look at but I never really can tell exactly how much bandwidth is being used by glancing at it. All the other information about services/performance etc is pretty useless. I get alerts about new firmware for APs and REDs although I don't have any attached to XG... weird.

    Simple DNAT like Source internal Network, SERVICE NTP, Destination Internet .... DNAT to internal NTP server is not possible with the XG GUI. So the GUI is powerful but weak at the same time.

    Although VPN is pretty easy, you have to define internal network/LAN again in a separate place for configuring VPN although you have already defined LAN network. This seems like an extra step to me.

    Tab layout is still confusing to me because I don't use XG every day. When I turn the VM back on, I get confused when looking for certain things.

    Still no way to turn off interfaces and RENAME them even after v17. I don't understand how that is so hard if you say interface name ANYTHING on port 1 is always eth1 on the appliance. But AlanT says time and time again (Copernicus beta) that this is very time consuming.

    Luk has already explained the big items. I realize that I am mostly complaining about things that affect me personally, but XG seems so close to being perfect but so far from it in reality.
