RESET Forums (homeservershow.com)

Sophos Copernicus is now out of Beta and Has a New Name, Sophos XG Firewall


itGeeks


How does it compare to iSpy?

Mike, I have never used iSpy, but from word on the street they now charge you for some of the features. I did look at iSpy some time ago and I thought it was a bit of a mess so I passed on it. I also tried Blue Iris for a short time and liked that even less; Blue Iris is very CPU hungry. I then settled on Synology Surveillance Station and for the most part I really liked it, but I was having a small problem playing recorded video: it would pause every 15 seconds for 15 seconds then resume. If I played the recorded video back at x2 or faster I did not see this delay. I also had some other small annoyances but nothing show-stopping. Right now I am running the Synology DSM v6 beta and Surveillance Station is not compatible with it. Synology says it will be compatible in Beta 2 later this year, so while I was waiting I wanted to try something else to see how it compares to the 50.00 cost of each camera license, and I am glad I did. I really like XProtect GO. It offers 8 cameras for free with 5 days of recording; however, this free version does not give you alerting of any kind. For that you need to jump up to XProtect Essentials for a cost: the server will run you 99.00 plus each camera license costs 50.00.



this thread is getting jumbled.

 

I am wondering if UTM -vs- firewall xg should be placed into the category of "if it ain't broke don't fix it" until such time as the company shows it is serious about XG. Along these lines I am thinking of promoting my experimental XG microserver to be my production UTM9 box. UTM9 ain't broke so I will leave it as production until something worthy comes along to expend my effort on. I have fine tuned the 'drashna' patterns and policies to suit my needs and I am not hurting for any 'missing feature' I really need.

Edited by nrf

seems like we need to know which particular part of the filtering is causing the problem so finer grain control can be exercised, much like what 'drashna' did for us on his blog. anyone looked at the logs you get when a device is having trouble? is the log worth anything?

The part of the web filtering that seems to be causing all the trouble is "NOT" exposed to the end-user so we can't fix it. Only Sophos can fix it, and based on all the complaints from users of UTM9 regarding things like Netflix not working I would not hold my breath that they're interested in fixing it. There is a thread already on the Sophos community and someone even contacted the team responsible, but still no updates on the matter, and in my humble opinion, based on their track record with UTM9 & Netflix, that post will stay silent from Sophos support. Let's just hope I am wrong.

Here is the post https://community.sophos.com/products/xg-firewall/f/46/p/11088/33359#33359


There is much discussion revolving around one of the flaws in XG, though there are a few of them. In line with itGeeks' comment, the way I look at it is that if you compare the security levels you are getting for free to every off-the-shelf home solution, you will find there is no comparison, and it will only get better over time. I know that excluding a device from filtering is not a great way to go; however, if it is an Xbox, Apple TV, or Roku that should not be a problem, as these are not open surfing devices and only connect to certain networks. I had to do the same using Untangle as a result of enhancing filtering. Tablets or iPads for kids are a different issue altogether, and we should be focused on finding solutions that protect our kids and our networks, as we do not know if this issue will ever get addressed, being this is a business-oriented program and I am sure they do not care about Netflix. It is all about the total value. I agree with itGeeks that adding something like the Circle may give you the best of all worlds. If you are using something better, then definitely stick with it, as you always want to use the best for your family, but if you are using an off-the-shelf router and looking for something significantly more secure, then it is worth considering XG as one of your choices. Team it up with something that addresses any concerns such as wifi filtering and you've got a great combo. A product like this is not for everyone and the learning curve is huge (at least it was for me), but coming from a recent breach which scared the heck out of me, I welcome it with its minor flaws, as it is a ton better than what I had and I do not have to pay $54/month for less protection. For guys that are using 9.3, you guys know better than I, but it seems like there is no incentive to change, or if you are using something that has been heavily tuned and it works for you, then again you should keep it.
That said, I would challenge anyone else to provide an alternative that provides this much security for the value despite some flaws. If you have such a product, let me know, as I will switch in a minute and forgo the numerous hours I spent tuning XG, but until then, this is the best I know of and I am going to keep moving forward until I find something better. Just my two cents...


actually I think utm9 is such a solution. xg is kind of a black box with frustrating characteristics and no evidence of continuous improvement.

 

I would not even consider an off the shelf 'consumer' router as they tend to quickly end up with obsolete firmware unless one switches them to an alternative firmware.

Edited by nrf

What type of "evidence of continuous improvements" are you looking for so early in the game? After all, this was just released as a v1 product, so one would think it's going to take some time for a v2 product. They have said many times this will NOT be up to UTM9 standards out of the gate, but they do have a road map, and as time goes on they will add more from UTM9. What that more is remains to be seen and only time will tell. What I do know is XG is here to stay as the next big thing, and over time UTM9 will be gone; in many ways it's already gone but supported for some time yet. How much time we don't know yet, but rest assured UTM9 is history. So what I would say to all the UTM9 users is use this time wisely and either start learning XG as the next step or start searching for an alternate product, because XG is here to stay. UTM9 will become the next Windows XP someday. You will have an OS with no support or updates and that is never a good thing. Just food for thought.

Edited by itGeeks

Good comment.  I certainly have not had the experience with UTM9 that you or Drashna have had (actually none).  From what I read, I would not disagree with you.  My point was merely from a starting point of today for anyone wanting to increase what they have not from someone who already has it.  If you have a great solution you should keep it till you are comfortable or there is tangible evidence that there is something worthwhile to upgrade to.  If you are using an off the shelf router, jump in the water is fine....


someday maybe a new version will come out that is at least as capable as UTM9. otherwise I don't see what fantastic thing I am getting in return for the lost functionality of this spiffy new gadget. if it is the long term choice it has to earn that spot. so far no reality, just hype.

 

I will try to avoid a litany, but let's take something as simple as country blocking - UTM9 has a very refined albeit complex interface, but I can choose countries and protections by check-boxes on a list. The new gizmo requires me to make an object for each country I want to block, and for simplicity's sake add them to a group, then use the group in a rule. not too bad if there are only a handful of countries to block, but I really prefer to see the whole darn list at once to review my choices rather than hitting a pull-down over and over and over...

 

and if native ipv6 should become functional I will have to maintain duplicate/equivalent rules between the ipv6 tab and the ipv4 tab. UTM handles the shorthand of 4+6 very well thank you..

 

the new gizmo's control center is different from what I am used to from UTM9 but so far after staring at it for a few days I'm not feeling it is enhancing my life any.

 

as always YMMV.

Edited by nrf

Let me start this off by saying I don't disagree with the frustration that users of UTM9.x are expressing. I came from UTM9.x as well, and yes, there is lots of work for Sophos to do in order to get XG up to UTM9 standards, and I feel over time Sophos will get there based on their intended road-map, but who knows what will make the cut from UTM9 to XG. I do know that XG is here to stay, like it or not. Everyone has choices: either stay with UTM9 till it becomes the next Windows XP and see what happens with XG, or jump on-board early and grow with Sophos' next big thing, or start looking elsewhere for a router/firewall with gateway protection at a cost of free for home use. I have decided to jump on-board early and grow with Sophos' new product, as it still provides world-class protection despite its shortcomings. In the long term I am hoping that many of these limitations/annoyances get worked out and this gets developed to be something better than UTM9. That's a risk I have decided to take. I can sit here and complain about the many things XG is not, but I have decided to take a positive attitude, as it is much better in many ways than UTM9, such as the performance is much better & the way that we use policies to set most things up. Heck, something as simple as clicking on a dynamic IP address of a device to add it to the static-DHCP list is not even possible in XG, but I got through it and it works. Give the product some time to develop and let's see what happens. As for country blocking, I thought I needed this till it caused me way more problems than it solved, so I disabled it in UTM9.

 

I personally think we have all beaten this topic to death and everyone should take the route they want and hope for the best.

Edited by itGeeks