This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RE: Sophos Support recommended XG Firewall firmware version

I upgraded from SFOS 15.01.0 MR-3 to SFOS 16.05.4-215 - and after that I struggled for a week with a single computer that couldn't get access to a single server in another zone. All other computers from the same source zone could. Nothing else had changed and it worked before the upgrade. So now I'm back on SFOS 15.01.0. Sorry to say, but I do really regret spending money on that product series. XG is so immature. I might be on SFOS 15.01.0 MR-3 for a few years - or buy another FW with high throughput, which compared to price was the only reason why I chose Sophos.



  • Domain,

    there are cases and cases, and it is sad that you had to revert back to another firmware. Regarding the maturity of the XG? The problem is that Sales and Marketing are pushing the product a lot, but once you get it installed, you realize that many features are missing. On the market there are better products and XG cannot compete at all with them (even with UTM9).

    This product works quite well for small installations (<100 users) and where the requirements are not high (bridge and VLAN is impossible).

    I am waiting for v17 to understand what Sophos plans to do with this project, because after 2 years (next August) the product should be mature enough to replace UTM9. Sophos is spending so much effort on XG and losing credibility (which does not have a price).

    I am scared and disappointed with XG even if I know it a lot and I am here to help other people on their setup (when I have time).

  • Hi,

    do you use clientless users? If so, the 4-mr4 did strange things to them. I have had a number of clientless users for some time, but after the upgrade some just would not get the internet. Investigation found that some had addresses outside the approved range, so I have been adding them as they fail.

    Also, the XG DHCP server does not check for duplicated addresses even though that box is ticked. I also get addresses assigned in the wrong VLAN and am not able to determine which device has been assigned the IP address.

  • I do have the same challenges with Clientless Users. I haven't changed anything in 4, however, after an update to 4 sooner or later internet connectivity gets killed for them. Switching back to 3 proves to be OK and stable. Weird.

    One thing I found is that a restart of the DNS service brings internet connectivity back. Sometimes for seconds only, sometimes for a bit longer (minutes rather than hours).

    I am back to 3 now, however, I'd be glad to help dig into the problem.

    EDIT:

    Hi, it seems there is a wider problem with DNS in Version 4 which prevents both the clients in my network and the Sophos XG appliance from resolving names. IPs always work. Check here: https://community.sophos.com/products/xg-firewall/f/licensing/91981/pattern-update-and-synchronization-not-working-after-sfos-16-05-4-mr-4-update

  • DNS stopped working again. And it seems that the DNS server gets killed if a Cisco VPN connection is opened. Check this thread, which DomNik initiated: DNS Server stops working for LAN Zones after Cisco VPN is established. I tested it just now and can confirm the problem.

    It would be great to see whether you too can replicate this behavior or potential root cause.

    Thanks