Jump to content
RESET Forums (homeservershow.com)

Sophos Copernicus is now out of Beta and Has a New Name, Sophos XG Firewall


itGeeks

Recommended Posts

I'm sticking with it also - I don't think there is anything that compares at the moment feature-wise and it's a nice little product for a tinkerer!

 

One thing though, I'm damned if I can get email notifications working. I posted on the Sophos forums, but as per usual, zero response.

 

Maybe if I post it here someone may know what the issue is :-)

Anyone who can help me figure out why my email notifications won't work?

I'm using the same email config that I use on other servers and they work just fine.

I'm using Microsoft hosted Exchange, and I am using :-


Mail Server : smtp.office365.com Port : 587

Username my usual

Password my usual

Connection/Security (I've tried all options!)

Certificate - I've tried Appliance Certificate and None

I get an error saying failed to connect to mail server. Do I need to create a rule or something? I have the Webfilter off and I have the Application filter set to Allow All, but I also set that to None too just in case.

Link to post
Share on other sites
  • Replies 300
  • Created
  • Last Reply

Top Posters In This Topic

  • itGeeks

    92

  • nrf

    53

  • pcdoc

    46

  • psykix

    40

Top Posters In This Topic

Popular Posts

for intrusion prevention, the equivalent in UTM9 is the 'attack patterns' tab on the intrusion prevention page. since I am not hosting internet services I orient both toward protecting clients. on XG

Here is what Sophos had to say about this brand new platform- https://blogs.sophos.com/2015/11/10/sophos-xg-firewall-a-network-security-ecosystem-with-many-innovations/#more-30035   You can downloa

Well I was almost there this weekend but had to bail out.  Got everything working very well such as port forwarding, filtering, application policies etc.  Got my home automation, cameras, and streamin

I build up one based on the Superserver 5028D-TN4T.

In the UK, it was cheaper to buy the Ablecom CS-M50 case and X10SDV-TLN4F board separately and put it together myself, then get it ready made from SM.

 

Running 32gb DDR4 with 512gb NVMe SSD and it flies along with ESXi6 :)

 

That's one expensive motherboard!!

Link to post
Share on other sites
Drashna Jaelre

@pcdoc:  Aside from excluding specific devices, I wasn't able to find a way to "fix" mobile devices issues, nor XBOX Live issues.  It really, really needs an exclusion setting like 9.3.  I'm not sure if that's possible with the new version, depending on what exactly they changed.  But until they do, I'm not going to use it.

 

Basically, I'm not going to reduce the overall security for a number of devices just to get it to work. Especially when the UTM 9.3 product *does work*. 

 

 

The rest of the UI change .... while counter intuitive in a lot of regards is easy to figure out once you stick with it for a while. 

But the reasoning for the change... is a literal joke.  Their reasoning? So everything was 3 clicks away.  Except, if you check it out... in the UTM product .... nothing was more than 3 clicks away. Category (eg web filter or network protection) -> Feature setting -> Sub-settings.  So, it really feels like it was a change ... just to change it. And make it look shiny. 

 

 

 

That's one expensive motherboard!!

Moderately. It's an 8 core Xeon CPU. That's not cheap.  

But it's sure a powerhouse. And supports upt to 128GBs of ECC, IIRC

Link to post
Share on other sites

@pcdoc:  Aside from excluding specific devices, I wasn't able to find a way to "fix" mobile devices issues, nor XBOX Live issues.  It really, really needs an exclusion setting like 9.3.  I'm not sure if that's possible with the new version, depending on what exactly they changed.  But until they do, I'm not going to use it.

 

Basically, I'm not going to reduce the overall security for a number of devices just to get it to work. Especially when the UTM 9.3 product *does work*. 

 

 

The rest of the UI change .... while counter intuitive in a lot of regards is easy to figure out once you stick with it for a while. 

But the reasoning for the change... is a literal joke.  Their reasoning? So everything was 3 clicks away.  Except, if you check it out... in the UTM product .... nothing was more than 3 clicks away. Category (eg web filter or network protection) -> Feature setting -> Sub-settings.  So, it really feels like it was a change ... just to change it. And make it look shiny. 

 

 

 

Moderately. It's an 8 core Xeon CPU. That's not cheap.  

But it's sure a powerhouse. And supports upt to 128GBs of ECC, IIRC

 

 

Curiosity question, How is an exclusion different from creating a rule that minimizes the scan?  Did you not have to exclude devices on UTM 9.x?  I thought mobile was an issue with all sophos products.

Link to post
Share on other sites

Curiosity question, How is an exclusion different from creating a rule that minimizes the scan?  Did you not have to exclude devices on UTM 9.x?  I thought mobile was an issue with all sophos products.

Mike I can answer your question and y Chris is so upset, In UTM9 all you had to do was create RegEX entry to get things like Netflix and XBox working. Have a look at Drashna guide below-

https://drashna.net/blog/2015/03/an-exercise-in-frustration-fine-tuning-the-web-filter-in-sophos-utm/ But this does not work in XG Firewall

Edited by itGeeks
Link to post
Share on other sites

@pcdoc:  Aside from excluding specific devices, I wasn't able to find a way to "fix" mobile devices issues, nor XBOX Live issues.  It really, really needs an exclusion setting like 9.3.  I'm not sure if that's possible with the new version, depending on what exactly they changed.  But until they do, I'm not going to use it.

 

Basically, I'm not going to reduce the overall security for a number of devices just to get it to work. Especially when the UTM 9.3 product *does work*. 

 

 

The rest of the UI change .... while counter intuitive in a lot of regards is easy to figure out once you stick with it for a while. 

But the reasoning for the change... is a literal joke.  Their reasoning? So everything was 3 clicks away.  Except, if you check it out... in the UTM product .... nothing was more than 3 clicks away. Category (eg web filter or network protection) -> Feature setting -> Sub-settings.  So, it really feels like it was a change ... just to change it. And make it look shiny. 

 

 

 

Moderately. It's an 8 core Xeon CPU. That's not cheap.  

But it's sure a powerhouse. And supports upt to 128GBs of ECC, IIRC

Chris I understand what your saying but like it or not this is the new Sophos and UTM9 is going away, If you look at there website UTM9 is not even an option for downloading anymore. With time comes change for better or worse, Just look at Microsoft with Windows not everyone loves it but if we are going to continue using it we need to adapt and go with the flow & find new ways to do things. Not trying to get under your skin, You been around technology for a long time so you know this is how things go. Only other options are don't use Microsoft Windows & Don't use Sophos Firewall/Router. I am sticking with both even though I don't agree with the direction either of them are going.

Edited by itGeeks
Link to post
Share on other sites

That's one expensive motherboard!!

 

it sure was, but you do get 8 Xeon cores (plus hyper threading) giving a passmark of about 11000 and up to 128gb ECC RAM in an ITX footprint.

 

i'm in a position where i will have no spare cash for the next 2-3 years, but will need more than 32gb RAM over that time to support home use and my ventures.

I didn't want to have multiple boxes of 32gb, and the the running costs for this board were less than an E5, which was the only realistic 32gb+ solutions that still had VT-d

...I will keep everyone posted and remember live on the edge...

 

Please do keep updates coming.

I would quite happily live on the edge, except the family would push me off if they couldn't get youtube/cbeebies/random soap operas on netflix...

Edited by snapper
Link to post
Share on other sites
Drashna Jaelre

Curiosity question, How is an exclusion different from creating a rule that minimizes the scan?  Did you not have to exclude devices on UTM 9.x?  I thought mobile was an issue with all sophos products.

Netflix works for me, Hulu as well. 

 

It's a matter of what's being filtered improperly and excluding it.

 

No devices are excluded on my network. Not for long, as I want to make sure I don't exclude all traffic just because one service doesn't work.

 

 

Chris I understand what your saying but like it or not this is the new Sophos and UTM9 is going away, If you look at there website UTM9 is not even an option for downloading anymore. With time comes change for better or worse, Just look at Microsoft with Windows not everyone loves it but if we are going to continue using it we need to adapt and go with the flow & find new ways to do things. Not trying to get under your skin, You been around technology for a long time so you know this is how things go. Only other options are don't use Microsoft Windows & Don't use Sophos Firewall/Router. I am sticking with both even though I don't agree with the direction either of them are going.

 

 

And the downloads are still there. Harder to find, yes, but there. And they're linked on my blog, anyways.

https://www.sophos.com/en-us/support/utm-downloads.aspx

 

I actually used the links to re-download and reinstall my router. So they definitely work.

 

 

 

 

The thing is here, I want to have a modicum of control here. Sophos XG takes that away. I'm not happy about it at all.  Now I have the option to exclude devices and fail to protect them, or stay on the older version and fix the problem services.

And I've learned plenty enough from Sophos UTM that I probably would be comfortable setting up SQUID in pfSense...  Not that I want to, but it would work better IMO.

Link to post
Share on other sites

I build up one based on the Superserver 5028D-TN4T.

In the UK, it was cheaper to buy the Ablecom CS-M50 case and X10SDV-TLN4F board separately and put it together myself, then get it ready made from SM.

 

Running 32gb DDR4 with 512gb NVMe SSD and it flies along with ESXi6 :)

That's a really nice system, Now that I have a taste for VMs I wish I had gone for an 8 core system. Please keep us updated.

Link to post
Share on other sites

Netflix works for me, Hulu as well. 

 

It's a matter of what's being filtered improperly and excluding it.

 

No devices are excluded on my network. Not for long, as I want to make sure I don't exclude all traffic just because one service doesn't work.

 

 

 

 

And the downloads are still there. Harder to find, yes, but there. And they're linked on my blog, anyways.

https://www.sophos.com/en-us/support/utm-downloads.aspx

 

I actually used the links to re-download and reinstall my router. So they definitely work.

 

 

 

 

The thing is here, I want to have a modicum of control here. Sophos XG takes that away. I'm not happy about it at all.  Now I have the option to exclude devices and fail to protect them, or stay on the older version and fix the problem services.

And I've learned plenty enough from Sophos UTM that I probably would be comfortable setting up SQUID in pfSense...  Not that I want to, but it would work better IMO.

 

That is part of the discrepancy in the viewpoints and why there are so many different opinions on this product.  You have a wealth of knowledge on how things work down to command line stuff and want that control that they took away from you, while some want the turn it on, point and forget it approach.  XG is somewhere in the middle.  If I had your knowledge in networking/firewall/protocols, I would want the same thing as I would know what to do with it.  But since I don't, I will give it a go and see where it leads me.  Great topic of discussion though.  I hope that everyone tries it so we can fire up some best practices and some healthy discussions.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...