What to choose: XG or still SG for a new project? (Migration from WatchGuard)

Hello guys,

I can remember that prior XG versions were full of bugs and it was not recommended to move to XG.

Now, for a new project where we have to migrate from WatchGuard to Sophos, I was asked to compare the XG and SG and recommend to the customer whether he should go with XG right now or first go to SG and wait until XG is stable.

What would you say? Is XG good enough and stable enough now to do a new project only with XG, or would you recommend staying on SG and migrating to XG later?

Some other questions:

- Is it already possible to migrate from SG to XG (automatic migration tool or something)?

- Is the performance of XG really as high as printed on the datasheets?

- Sandboxing on XG compared to SG?

- Which features do you still miss on XG compared to SG?

- From your point of view, what are the benefits of using XG now?

Thank you very much



  • Hi,

    The XG has a higher performance than the SG.

    What you haven't advised are your security requirements and what other features you require in the XG?

    I would recommend that you start a relationship with a Sophos reseller/partner, while waiting for more answers. A partner might supply you with a loan box and 30 day full trial licence.

    Ian

  • Hello,

    Thank you for your response.

    I am a Sophos Partner myself :) I just wanted to hear some real-world experience from other system engineers who are working with XG.

    So the performance is better when comparing similar models, SG vs. XG?

    If I look at the "Real World" data in the XG Sizing Guide, I don't see that XG is really more powerful than XG. So good to know that it is truly better.

    I want to use it with the Enterprise + Bundle. The NGFW features that will be used are: WebProxy + AV, IPS, AppControl, ATP, Sandboxing for WebProxy.

    I am worried about bugs and that XG is still not stable enough for a big project that I want to do.

    It would be great if you guys could share more experience with XG and answer some of the questions I wrote in the previous post.

    Thank you in advance

  • Hi,

    I am a home user of both UTM and XG. I have been using the UTM from approx 2005. I came across to test the original XG beta and to add some value to the bug reporting processes.

    The current version V16 does not have a DNS/DHCP link which means that for serious DNS you need to run your own internal DNS/DHCP server. The XG can function as a DNS proxy.

    The application control/management is totally different to the UTM and is not there yet. Reporting is detailed. Mail scanning works, but reporting is not great. You can set up your own reports.

    The UTM is easier to set up in my opinion up to v16, but as each new MR is released there have been big improvements in the XG.

    There is a centralised management system similar to the UTM SUM. There are limitations on how the networks can be used in the firewall rules. IPS cannot be fine-tuned as per the UTM version. Some of the features I can't comment on because I only have a small system, very slow network and a home licence; you would need someone like Luk or Huber or Roland for the business-side details.

    In the next week or so there will be a new beta, v17, which fixes many of the issues and adds many new features, so I would wait and maybe even experiment with the beta yourself.


    Ian

  • Even if Ian is a home user, he knows all the limitations of the current XG very well. He is always around here.

    In addition I would like to add:

    • If you need to use a bridge, do not use XG. VLAN IDs are not passing correctly.
    • Email protection: Smart host cannot be managed by XG. It must send email to the internet directly (v17 will support it). Blacklist/whitelist is still not possible. For email protection, UTM9 wins.
    • Binding services: If you have multiple ISPs you cannot restrict VPN to one public IP, user portal to another and so on. All services will listen on zones and not IPs.

    For the rest, XG performs quite well (apart from the logging, which is a challenge all the time. Waiting for v17).

    Regards