
Firewall First Test - Complete Fail

So the 1 hour window to plug in this new firewall on the corporate LAN was a failure in my opinion. First thing I noticed was the ethernet connection on my PC was saying I had no internet when I actually did, but there was no http, it only seemed to all direct to https, so probably why the warning flag on the connection. Second, out of all my firewall rules only 2 were successful. I saw one of our international staff uploading through FTP and Exchange OWA was accessible, all the VOIP and Exchange email services did not work. I did manage to get one VOIP Port 443 to actually start communicating but this was after I created a business rule and reversed my source and destination settings, I tried this with others but no go.

I wasn't really sure how to troubleshoot exactly as I was also dealing with staff coming up making stupid chit chat, that they had no email, really distracting. So my hour came and went in no time. I just shut down the system and packed it up to bring home and work on. Bit deflated at the moment so not sure if I want to continue or simply have an experienced company set this up.

Really frustrated why I am not understanding the whole communication between the outside and inside.



  • Hi,

    I really don't think it was a good idea from the start. 1 hour for a completely new product in a productive environment just does not work.

    Especially XG-firewalls tend to have configurations that can't be understood without really thinking or reading about it.

    To understand the communication and the how to's you should create a test-environment and you should take time.

    Personally I needed about two or three days to get into the XG system (considering that I came from UTM with quite some experience this is much).

    Regards,

    Ole

  • Couldn't agree more, I have had the unit for a week and have been scouring everything and watching anything related to XG. Unfortunately I do not have the resources to set up a test environment, I'm going to give it a go next weekend and if it's the same result simply pay my vendor to get it set up correctly. I only maintain our Juniper firewall with additions to our VPN users and that's it. I have no direct experience with this level of product. I'm pretty sure my original thoughts of creating Business Application rules for the VOIP and Mail services is the way to go over User/Network rules.

    One thing I will say though, it's very responsive to changes on the fly and boot time, that was a pleasant surprise.

  • I agree with other comments.

    I run two XG210s in production environment. One in Norwich, and the other in London.

    I have a 105W at home that is my real world testing unit. I am fortunate that I have an employer that understands I need to test things like that.

    What I also do have is a virtualised environment that I mirror the live production environment in as much as I can for basic things. It helps me understand updates etc. and I have two DCs in two sites, and an Exchange server. The two XGs are virtualised running the home version. The test environment is not that expensive really and very valuable. I just mention it as you may want to look at that as a route to understand what's going on, in a safer environment.

  • Thank you all for your comments. I actually contacted our Sophos vendor on Saturday and asked him about sending me a XG105 for my home system, that's a good idea. I can set up a VM environment as well to simulate. But I'm just biding my time as our current firewall is unstable so the permanent swap may come sooner than later. It's most likely my lack of expertise with firewalls that is the main problem, I'm sure there are plenty of members here who could have had it set up in no time, it's not really a difficult setup, it's my lack of understanding how it all works working against me.