Overall I do like the direction that Sophos is taking with the firewall design. UTM was a good first step, but overall confusing in detailed configurations. On the XG line I seem to have a severe impact on through put even with only basic settings turned on.
On the left you get to setting firewall rules before you've created policies that you will want to apply to those rules. I would walk users through the other parts and have setting up the firewall rule at the bottom of the middle grouping.
Services that are not needed should have an easy way to turn them off. In commercial environments you generally will not manage the Wireless from the firewall, but have a separate infrastructure to deal with wireless. Seems odd that I cannot just turn off that feature after install, and then turn it on later if things changes. This is true for all of the services. Should be able to turn on and off what you want.
I would move the CONFIGURE grouping of items to be above protection. During initial install you run through those to get the firewall to a usable system, but then would be handy to collapse it afterwards. Each of the side menus would be handy if they could be expanded and collapsed on demand.
The Web categories are unusable for anyone that has dealt with filtering for any length of time. I realize that you are trying to create and easier system with predefined categories/policies but I would rather have a listing of categories ( News, Social, Education, ....) and then create a policy where I choose how each grouping is dealt with. I could then assign that filtering policy to the firewall rule set I want. Also must have a way to lookup a URL and find out where a specific URL is located, then if I disagree I with where it is I should be able to reassign it to another category. We frequently setup custom categories like Home-Allowed and Home-Blocked. Then if there is a site that we think should be one or the other we reassign the URL to the correct category. Also any user recommended changes from a standard category to a 2nd standard category should be uploaded to help Sophos build out its database of sites faster.
On Application filter there are custom groups, like snapchat, that we block within schools. The list of applications that we find are necessary to block changes over time. I don't see an easy way to choose and application and add it to a custom-app-block filter. Also most want to have a simple check box to select which applications to block. On other firewalls I found it useful to just state all Medium & High risk applications were blocked. Here again there should be an easy way to not just search for applications, but change the applications rating based on company policies.
On the DHCP services you should have an option to view current Leases, and then to transition a DHCP lease from dynamic to static. Even assigning a user/policy to that machine at that time. Having to click between windows to create the same thing is tiresome if you're doing more than a few.
Under the firewall it would be nice to group rule sets by traffic flow:
Lan-Wan
Wan-LAN
WAN-DMZ
This would make it easier to review what policies are applied to a specific traffic flow.
Overall the performance the bandwidth takes to too great for me to continue using it, but I will look into it again at a later time to see where the platform is headed.
This thread was automatically locked due to age.
