RESET Forums (homeservershow.com)

Sophos Copernicus is now out of Beta and Has a New Name, Sophos XG Firewall


itGeeks


So if I understand this, with your setting the product does nothing for iOS/Android devices because there is no way to fine-tune the rules?

Well, yes and no. There would be no HTTP scanning or web filter, but devices still have basic protection like you would have with any off-the-shelf home router.

Never mind, I have managed to create a rule based on MAC addresses to exempt the iOS and Android devices from the general rule. I have all the filtering switched on in the main rule (which covers the likes of the Windows and MAC OS X based devices.)

 

Progress!

You will get it. I don't use the MAC Host because I like to group my devices by type, and for some odd reason Sophos does not allow you to create a MAC Host Group, only IP Host Groups, so that's what I use.


Well, yes and no. There would be no HTTP scanning or web filter, but devices still have basic protection like you would have with any off-the-shelf home router.

You will get it. I don't use the MAC Host because I like to group my devices by type, and for some odd reason Sophos does not allow you to create a MAC Host Group, only IP Host Groups, so that's what I use.

 

Yeah, exactly. Sophos has some great features, especially for free, but if you have iOS and Android devices, then you pretty much have to disable all of those nice features for those devices at a minimum.

 

Some websites refuse to work (even on Windows) with IPS switched on though. For example, with IPS switched on, try to go to https://opnsense.org - it times out, and logs an "OpenSSL Alternative Chains Certificate Forgery Policy Bypass" error.

 

I think the MAC address host group missing is an oversight, as all the other items in the list have a group option. I have logged it as a feature request.

 

The worst thing about the product is the lack of response in their official forums. It's like getting blood out of a stone.


Yeah, exactly. Sophos has some great features, especially for free, but if you have iOS and Android devices, then you pretty much have to disable all of those nice features for those devices at a minimum.

 

Some websites refuse to work (even on Windows) with IPS switched on though. For example, with IPS switched on, try to go to https://opnsense.org - it times out, and logs an "OpenSSL Alternative Chains Certificate Forgery Policy Bypass" error.

 

I think the MAC address host group missing is an oversight, as all the other items in the list have a group option. I have logged it as a feature request.

 

The worst thing about the product is the lack of response in their official forums. It's like getting blood out of a stone.

Though it seems pretty rare in my case but I did have one issue with a site being blocked and was able to create a rule that allowed it. I called it allowed sites and had added the site to it.

 

I am working with them on a four facility conversion and they have been responsive, so I will email them on the ver release plan and see what they say. You are right about the forum response. Seems like their focus is on getting the next release out. Let's hope that they are at least reading them.

 

 

 


I realise that we are not paying customers, but it really is in their interest to listen to what we have to say - whilst I've been out of the IT loop commercially for some time, my background is in 3rd line server and network infrastructure, hence why I love to play about at home with this stuff.

 

If I were still working for the government agency that I used to work for then this product would be firmly off the list for a UTM! Mind you, we used MS Forefront TMG, so that's how far back I'm going - long time in IT circles 4 years!


I realise that we are not paying customers, but it really is in their interest to listen to what we have to say - whilst I've been out of the IT loop commercially for some time, my background is in 3rd line server and network infrastructure, hence why I love to play about at home with this stuff.

 

If I were still working for the government agency that I used to work for then this product would be firmly off the list for a UTM! Mind you, we used MS Forefront TMG, so that's how far back I'm going - long time in IT circles 4 years!

 

Agreed, the forums (especially theirs) should be part of the feature/problem list for going forward.  It is a wealth of information.  I have been told by them today that a "major" release is slated for May and there will be 1-2 minor releases between now and then.  As this is proprietary, they could not disclose any features but they were pretty confident about the timeline.  If anyone has specific issues (other than Netflix, which I had forwarded to them already) please post your specific issue here and I will see if I can get answers.


Ok, my list of issues :-

 

Mail notifications - cannot get this to work no matter what I do. All my settings are correct - I can send and receive mail from multiple devices behind the Sophos box, using the same credentials, and I have other servers which send notifications just fine. However Sophos refuses to work - says failed to connect to mail server.

 

DHCP seems broken - I've seen other reports of this too. Some devices keep renewing their leases over and over. Changing the lease period doesn't appear to help. I've tried 8 days, and 1 day. The leases renew every few minutes.

 

MAC hosts - no ability to create groups, only a host with a list of MAC addresses which is pretty useless really as it would be a nightmare to keep up to date by looking at MAC addresses rather than names.

 

My gateway always shows as being down, when it is in fact up. This is because my modem doesn't respond to icmp. The ability to ping an external address like 8.8.8.8 and use that to determine if the gateway is up or down would be good.

 

The ability to clear the logs - can't get the logs to clear, and can find no way to manually clear them.

 

Ability to alter the threshold for the performance monitor. Always shows as orange on my system, and I'm running an E3-1265LV2 and have given it the max 6Gb RAM (and it's on an SSD).

 

Real time logs - don't think there are any. Makes troubleshooting connection problems a nightmare!

 

That'll do for now!!


Ok, my list of issues :-

 

Mail notifications - cannot get this to work no matter what I do. All my settings are correct - I can send and receive mail from multiple devices behind the Sophos box, using the same credentials, and I have other servers which send notifications just fine. However Sophos refuses to work - says failed to connect to mail server.

 

DHCP seems broken - I've seen other reports of this too. Some devices keep renewing their leases over and over. Changing the lease period doesn't appear to help. I've tried 8 days, and 1 day. The leases renew every few minutes.

 

MAC hosts - no ability to create groups, only a host with a list of MAC addresses which is pretty useless really as it would be a nightmare to keep up to date by looking at MAC addresses rather than names.

 

My gateway always shows as being down, when it is in fact up. This is because my modem doesn't respond to icmp. The ability to ping an external address like 8.8.8.8 and use that to determine if the gateway is up or down would be good.

 

The ability to clear the logs - can't get the logs to clear, and can find no way to manually clear them.

 

Ability to alter the threshold for the performance monitor. Always shows as orange on my system, and I'm running an E3-1265LV2 and have given it the max 6Gb RAM (and it's on an SSD).

 

Real time logs - don't think there are any. Makes troubleshooting connection problems a nightmare!

 

That'll do for now!!

 

 

Thanks (I think). I will forward these. No promises, but let's see if they respond.


Yeah, exactly. Sophos has some great features, especially for free, but if you have iOS and Android devices, then you pretty much have to disable all of those nice features for those devices at a minimum.

 

Some websites refuse to work (even on Windows) with IPS switched on though. For example, with IPS switched on, try to go to https://opnsense.org - it times out, and logs an "OpenSSL Alternative Chains Certificate Forgery Policy Bypass" error.

 

I think the MAC address host group missing is an oversight, as all the other items in the list have a group option. I have logged it as a feature request.

 

The worst thing about the product is the lack of response in their official forums. It's like getting blood out of a stone.

I just tested your link and I see what you mean, it times out for me as well. We can only hope in March Sophos WOWs us with the first update. I am not driving myself crazy with the stuff that does not work right now, as I am hopeful most of this stuff will work itself out with the update. As for the MAC Group, I would have to agree with you, it must be an oversight.


I think in the case of that link, given the error message it may be blocked because the website in question haven't applied the CVE-2015-1793 security vulnerability patch.

 

I suspect in this case, Sophos is actually doing its job properly.

 

Not sure how much of a risk it is, but it does seem to show the merits of Sophos over a bog standard router.


Ok, my list of issues :-

 

Mail notifications - cannot get this to work no matter what I do. All my settings are correct - I can send and receive mail from multiple devices behind the Sophos box, using the same credentials, and I have other servers which send notifications just fine. However Sophos refuses to work - says failed to connect to mail server.

 

DHCP seems broken - I've seen other reports of this too. Some devices keep renewing their leases over and over. Changing the lease period doesn't appear to help. I've tried 8 days, and 1 day. The leases renew every few minutes.

 

MAC hosts - no ability to create groups, only a host with a list of MAC addresses which is pretty useless really as it would be a nightmare to keep up to date by looking at MAC addresses rather than names.

 

My gateway always shows as being down, when it is in fact up. This is because my modem doesn't respond to icmp. The ability to ping an external address like 8.8.8.8 and use that to determine if the gateway is up or down would be good.

 

The ability to clear the logs - can't get the logs to clear, and can find no way to manually clear them.

 

Ability to alter the threshold for the performance monitor. Always shows as orange on my system, and I'm running an E3-1265LV2 and have given it the max 6Gb RAM (and it's on an SSD).

 

Real time logs - don't think there are any. Makes troubleshooting connection problems a nightmare!

 

That'll do for now!!

I can add to your list. Make adding a 'static DHCP' host easy. Right now it's a completely manual process. In UTM 9 all you had to do was click the device in the DHCP server list and it would add it to the 'static list', then all you had to do was change the IP if you wanted and click save. Oh yeah, almost forgot, it would also create an 'IP Host' for you at the same time. This all needs to be brought back. It's too much manual work.
