RESET Forums (homeservershow.com)

Sophos Copernicus is now out of Beta and Has a New Name, Sophos XG Firewall


itGeeks


That is part of the discrepancy in the viewpoints and why there are so many different opinions on this product.  You have a wealth of knowledge on how things work down to command line stuff and want that control that they took away from you, while some want the turn it on, point and forget it approach.  XG is somewhere in the middle.  If I had your knowledge in networking/firewall/protocols, I would want the same thing as I would know what to do with it.  But since I don't, I will give it a go and see where it leads me.  Great topic of discussion though.  I hope that everyone tries it so we can fire up some best practices and some healthy discussions.

Well said pcdoc.


So is there a working upgrade path from UTM 9.3 to XG yet?

Hmm, the option is there but not sure if it works ;) I had to reinstall the final version coming from the beta so I could add my new serial number to activate my free home license. Yeah, what a mess, all that just to change the serial number. Anyway, it had an option to upgrade from UTM9.x, but since I was not upgrading I don't know if it works yet. Give it a try: back up UTM9 first and give it a go. If all else fails you have the backup :)

I will give you a jump start to save you some possible headache when installing XG. What I would do first is create a new Sophos ID: from their main webpage, click on the picture of the head/shoulders next to the support link. This is different than what you have already. Then make sure you're logged in with the new Sophos ID, then download the software from here (https://www.sophos.com/en-us/products/free-tools.aspx). After you get the email with the serial number, go back into the account you just created and on the left side click on "Network Protection" -> Register Device, then enter your new serial number. Now go ahead and install XG. When you get to one of the screens it will prompt you to either register this device or sync the license; press sync the licenses and you're done. I have problems with the beta trying to register the device from the setup and my humble feelings are this is much easier registering the device ahead of time.


Thanks itGeeks.  Please confirm the Home Edition of XG is under Network Protection > Download Installers > Software Installers and is the 'Firewall OS Software ISO for Intel Hardware' option?


:)

And yeah, it has a lot more "options". But these are basically templates based on different "expected" configuration.

IIRC, the COPA web filter is good for child safety.

I respectfully disagree. :\

If you use mobile devices for consumption, or have consoles, it's pretty much unusable.

The web filter breaks too many things... and fixing them ... well, the only way available is turn off categories until you figure out which it is... or just turn it off completely. Completely defeating the point.

Chris, it does not seem to be a category problem, well, not one that we can see anyway, aka something behind the scenes that we have no control over. The Allow_All says "unrestricted web access". I even tried creating a new Allow_All web filter rule to see if maybe it had something to do with the default rule. Nope, Netflix still does not work unless completely disabled. :(


Thanks itGeeks.  Please confirm the Home Edition of XG is under Network Protection > Download Installers > Software Installers and is the 'Firewall OS Software ISO for Intel Hardware' option?

You're welcome. No, don't download from there because you won't get your home license; that will only give you a trial key. Instead download it from here https://www.sophos.com/en-us/products/free-tools/sophos-xg-firewall-home-edition.aspx

You will be asked for some information including your email address and they will email you a serial number that is tied to a free home license. After you get that, before you install, follow my directions above to pre-register the product. And yes, you want the ISO for Intel hardware, and as nrf said it's only for 64 bit hardware.

Drashna Jaelre

note 'intel hardware' so far means 64bit hardware.

Isn't that pretty much *all* Intel CPUs anymore?

Can you find a CPU that is only 32 bit anymore? At least from the last few years.

:)

That is part of the discrepancy in the viewpoints and why there are so many different opinions on this product.  You have a wealth of knowledge on how things work down to command line stuff and want that control that they took away from you, while some want the turn it on, point and forget it approach.  XG is somewhere in the middle.  If I had your knowledge in networking/firewall/protocols, I would want the same thing as I would know what to do with it.  But since I don't, I will give it a go and see where it leads me.  Great topic of discussion though.  I hope that everyone tries it so we can fire up some best practices and some healthy discussions.

Which says something about its flexibility.  That it can be a simple product, or something as (or more complex than) pfSense.

It's a fantastic product. At least UTM is.  XG Firewall is decent, and I think with more time, it will become better. As good or better than UTM. But it's not there now.

To be blunt, I don't have a lot of experience with networking.  Most of what I know is stuff I've learned *because* of Windows Home Server (and a part of why I love the product and its successor so f***ing much).   Most of my experience with Sophos has been reading logs. Seriously. It's checking the live logs and learning how to best exclude *just* what I want. It's also been a shitload of google. Looking for which parts are in use by what devices/services.

The issue that I have with XG Firewall (and really the core of the problem for me), is that it takes all of that experience and shits on it. All of the stuff I've learned, it's not usable at all.

If there was a good way to take what I know and (easily) convert that to XG Firewall, I would. In a heartbeat. And I really hoped that I could. That's why I installed it on my router and used it for a full week before reverting (and thank goodness for automated setting backups!!)

And the reason I documented a lot of what I've done was in part for personal reference in the future. But because I know that Sophos' documentation was lacking and that a lot of people had issues figuring out the product. That, and if I was going to recommend it, I might as well put my hard work out there for others to use.

I still do have a VM loaded of it (for my VM lab, actually), and I do plan on digging into it to see if I can "fix" the issue I was having. But for now... I may see about writing more guides for UTM. More advanced topics.

I dug this thread up with a bit of googling https://community.sophos.com/products/xg-firewall/f/46/p/11088/33359#33359

I also added to the post our frustration with streaming services not working. You will notice my post because I put a reference link back to this thread. Everyone here should add a comment to it; the more complaining the better. I for one will be keeping a close eye on that post waiting for resolution (hopefully) :rolleyes:
