Sophos Copernicus is now out of Beta and Has a New Name, Sophos XG Firewall

[itGeeks 181]

I plan on doing it on Tuesday. I have other stuff between now and then that requires it to be working. Also, I need to check ALL of my rules and config before "upgrading". 

 

Yeah, it is, and the setup is confusing. Glad you got the NAT stuff sorted. That was going to be the first part I covered. Because ... yeah.

 

Definitely is. And even if your not... some of the UI is very confusing. I'm not sure how they designed it, but whoever they hired to do it needs to be fired. 

 

From what I've heard, the web filter is MUCH faster. That's a big deal, as I've definitely noticed a bit of lag. 

 

Will post feedback about it on my blog. 

Yes the web filter as well as the whole product feels faster, Even the Admin page opens right up.

[itGeeks 181]

I'm struggling to understand the performance indicator too..

 

It's flagged orange. I have 4 vCPUS and 4Gb RAM. Seems to indicate it's hit high load at some point, but CPU and RAM don't show the same?

 

 

Mine has been showing orange as well but I am now looking the otherway, What I cant see wont hurt me  According to the help file it says "Warning

Load Average is between 2 to 5 units" What does this mean? Your guess is as good as mine http://docs.sophos.com/nsg/sophos-firewall/v15010/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp/ControlCenter.html

 

Also I see you allocated 4 cores & 4 Gb of memory, For home use you can really knock that down to 2 Cores and push up the memory to 6Gb. Sophos loves memory. I have Sophos running in a VM on Hyper V with the configuration I just gave you and it runs great.

Edited November 16, 2015 by itGeeks

[nrf 116]

the so-called heartbeat feature that paying customers will get sounds promising, but us cheapskates end up with two disjoint products, a firewall with local web interface and a endpoint feature with cloud-based interface, and they don't talk to each other. has anyone gotten a price for a small installation of the for-pay product?

Edited November 16, 2015 by nrf

[itGeeks 181]

I have a new question that you may be able to answer!

 

Well, 2 actually..

 

Firstly, my WAN is showing a red exclamation mark - interface status is green, gateway status is red. Says Internet (name of WAN) is down. But it's not down.

 

And secondly, why do I not see any "live users" on the dashboard?

For your user qwestion, Are you using AD? If not you need to setup the users first before they will show up on the dashboard. Have a look here: http://docs.sophos.com/nsg/sophos-firewall/v15010/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp%2FUserEdit.html%23wwconnect_header

 

As for the WAN problem it looks to me like you have something "miss configured" What is the WAN port plugged into?

[psykix 27]

 

Mine has been showing orange as well but I am now looking the otherway, What I cant see wont hurt me  According to the help file it says "Warning

Load Average is between 2 to 5 units" What does this mean? Your guess is as good as mine http://docs.sophos.com/nsg/sophos-firewall/v15010/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp/ControlCenter.html

 

Also I see you allocated 4 cores & 4 Gb of memory, For home use you can really knock that down to 2 Cores and push up the memory to 6Gb. Sophos loves memory. I have Sophos running in a VM on Hyper V with the configuration I just gave you and it runs great.

 

 

Well it's not hit more than 41% mem usage so far, so I'll monitor it. I may well cut the cores, because then I can redistribute the other 2 to my Plex server.

 

For your user qwestion, Are you using AD? If not you need to setup the users first before they will show up on the dashboard. Have a look here: http://docs.sophos.com/nsg/sophos-firewall/v15010/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp%2FUserEdit.html%23wwconnect_header

 

As for the WAN problem it looks to me like you have something "miss configured" What is the WAN port plugged into?

 

No, not using AD. I'll take a look at the link.

 

WAN is just ADSL modem Ethernet port, to the 2nd Broadcom NIC on the Gen8 - nothing to misconfigure tbh!

 

I'd post on the Sophos forums, except it seems dead - I think the product is too new and we're on our own for the time being!!

 

Thanks!

[itGeeks 181]

Well it's not hit more than 41% mem usage so far, so I'll monitor it. I may well cut the cores, because then I can redistribute the other 2 to my Plex server.

 

 

No, not using AD. I'll take a look at the link.

 

WAN is just ADSL modem Ethernet port, to the 2nd Broadcom NIC on the Gen8 - nothing to misconfigure tbh!

 

I'd post on the Sophos forums, except it seems dead - I think the product is too new and we're on our own for the time being!!

 

Thanks!

Sophos has a brand new community forum now https://community.sophos.com/products/xg-firewall/f/46

[psykix 27]

Yeah, that's where I posted my questions...

 

Very quiet in there at the moment!

 

Do you know how to reset the dashboard stats? I can't see any way to do it, and my post over there has gone unanswered.

 

I also cannot get notifications to work through my Office365 hosted Exchange server, but other servers I have with the same configuration work just fine, so I must be missing something on the Sophos box!

Edited November 16, 2015 by psykix

[psykix 27]

Aaaand.. I've hit the Netflix on iOS issue :-(

 

I've had to turn Webfiltering off since there seems to be no workaround at the moment.

[Drashna Jaelre 157]

Aaaand.. I've hit the Netflix on iOS issue :-(

 

I've had to turn Webfiltering off since there seems to be no workaround at the moment.

Can't help you yet.

 

But sweet lord, the new interface is beyond confusing. 

It took me an hour of trial and error and searching to find a proper solution. But hey... you should be able to access my webserver now.

[psykix 27]

Haha, yeah it's a learning curve alright! The Netflix issue is kind of a big deal. If I have to turn the web filter off then that's a chunk of the product thrown by the wayside. I may take a look at pfSense too, since I've not used either product before.