
XG 210

Hello everyone,

Over the past year I have been having issues with our current Juniper firewall, and I am looking for a replacement. Basically it is boiling down to replacing it with either the Sophos XG 210 or an equivalent Cisco 55xx series with Firepower. I have zero experience with either product, but I liked the NSS Labs results for these 2 manufacturers, and Sophos is so much more appealing due to its TCO. Inevitably I want a secure solution but also an affordable one; I don't want to pay for a name when there are equally good products out there. What advice can you give me?

I have priced out the XG 210 with EnterpriseGuard and Sandstorm Protection with IPSec VPN client licensing and it's very appealing.

 

Thank you



  • SophosNewby,

    You should contact Sophos Sales. Have a look around on the Community and make sure to test XG before buying it.

    Regards

  • Thank you. I have gone through an online demo of the interface and have been working with a reseller on pricing, but are you suggesting they may send a piece of hardware to actually physically demo? Probably my biggest concern is doubting myself about whether I am making the right decision overall and maintaining a secure environment. There is not a lot of information out there on these devices or on what purpose they are being utilized for; are they successfully being used as the sole edge device? This will be my biggest purchase since coming on board here, and I have been looking at it for months, but now with the recent firewall troubles, I need to act sooner.

  • Yes, I had a demo appliance for 3 months before I bought it.

     

    Advice: be prepared to test everything, even functions that you aren't using today. Once they are available to you, you might make use of them, and it's good to know how well they do or don't work.

     

    I made the mistake of not testing completely. I set up some basic firewall rules and created some VPN connections but didn't work with NAT, IPS, web filter, reports, etc., and some of those things weren't great at the time.

  • Have things improved since your implementation?

  • Have they improved? Yes! By leaps and bounds. But that doesn't mean this is the perfect product. I still very much run into weird issues.

     

    As a general comment, I would say they started down a path of making the product easy to use but sacrificed the granular control that many admins want to see. An example would be logging. The new logging in V17 looks much better at first glance, but for the past year the logging has been almost useless due to lack of content and delays in data being displayed. I noticed tech support wouldn't use it at all; they would go straight to PuTTY for CLI access to more extensive logs. If they are available, why hide them from the end user?

     

    Another example: wireless control. It's nice that the device can handle wireless AP configuration, but some of the details of each AP are hidden. I haven't found a way to assign a static IP to an AP, nor can I see the port stats for the AP, so when wireless performance issues are reported it's difficult to track them down.

     

    I've also worked extensively with Cisco, WatchGuard, FortiGate, and SonicWALL devices. I would say if the improvements for XG continue, technical support continues to improve, and Sophos gets a better handle on bug fixes (they are slow to fix identified bugs and often don't categorize problems as bugs that need to be fixed but simply provide a workaround and call it fixed), then I would continue to suggest the Sophos XG product. I think they are heading in the right direction, but as with any product that is virtually new from the ground up, it still needs work. For a small to medium business, this is a viable solution and works well. For large environments or ones with complicated network configurations, a more mature product may be in order.

     

    One last weird thing: training. I've found some very limited training classes offered for their products, but the most extensive in-person training is in Germany. Only an online class is offered on a very limited schedule in North America. I work for an organization that supports training and certification, but it just isn't available for this product. Again, a symptom of a young product and a company that isn't exactly new but also wasn't at all prepared for this sort of growth.

     

    Hope that helps.

  • Thank you very much. We did move forward with the XG 210 purchase; a bit hasty it may seem, but the product itself falls right in line with future upgrades, as we want to bring both our email and PC software in house rather than use 3rd-party outside subscriptions, which are both costly and ineffective for me since I am unable to administer them, and this product seems like a better fit for those goals. And with our current firewall having some major issues with reliability, I had to make the decision now. I have basically been managing this Juniper since arriving here, but I'm by no means an expert, so this new device will probably be a challenge, being solely responsible for the setup, as I am not allowed any downtime during its installation.

    I'm trying to gather as much info as I can, but so far the setup material out there is so basic, with nothing on policies, rules, etc. Plus I have been asked to move our IPSec clients over to SSL-VPN, all the while still maintaining 100% uptime during the whole process, ugh. I will probably just connect it at home and go through the setup and try to figure out how to make everything work the way it is now.

    Beginning to get nervous about my abilities. :(
