RESET Forums (homeservershow.com)

Sophos Copernicus is now out of Beta and Has a New Name, Sophos XG Firewall


itGeeks


Drashna Jaelre

For anyone that needs it, Port Forwarding guide is up:

https://drashna.net/blog/2015/11/sophos-xg-firewall-port-forwarding/

 

 

 

Haha, yeah it's a learning curve alright! The Netflix issue is kind of a big deal. If I have to turn the web filter off then that's a chunk of the product thrown by the wayside. I may take a look at pfSense too, since I've not used either product before.

Web Filtering is the next thing I plan on hitting. I'll let you know when that's up.

 

Well, I think I'm actually reverting to 9.3 by Friday, and staying away from the sticking pile of shit that is Sophos XG.


I have 2 Xbox One consoles, and one of them keeps renewing the DHCP lease every 1 minute according to the Sophos logs.

 

I've temporarily set it to a static and it's fine. Any idea why it would do that though?


 

Web Filtering is the next thing I plan on hitting. I'll let you know when that's up.

 

Well, I think I'm actually reverting to 9.3 by Friday, and staying away from the sticking pile of shit that is Sophos XG.

 

I'm not particularly impressed so far - I can't figure out why I have an amber flag on performance, my WAN shows the gateway to be down, when it's actually up, I've had to turn off the webfilter or Netflix and many other streaming videos refuse to work, and there seems no config that will fix that other than the blunt instrument of switching off the filter entirely.

 

And to cap it all, no one seems to bother replying to any questions on the new Sophos XG support forum.

 

Not really a stellar start for the product really, but I suppose some could be related to my unfamiliarity with it.


Aaaand.. I've hit the Netflix on iOS issue :-(

 

I've had to turn Webfiltering off since there seems to be no workaround at the moment.

It's not just an iOS issue, it's also Android :( and ya, what fixed it in UTM9 does not seem to work on Sophos XG Firewall. For the love of god I don't understand why Sophos won't fix this so it works out of the box; after all, there is a switch in the web filter not to scan Audio & Video files. Where did you turn off web filtering? When I tried that Netflix still did not work, but maybe I did not turn web filtering off in the right place.


Well, again it's not exactly obvious!!

 

You need to edit your main network rule and under Policy for User Applications, change Web Filter from Allow All to None (Off would have been a better description!)


Thinking about it, I could probably add another rule above the default and use Web Filter None for the specific Apple devices.

 

However, they MUST be aware of the Netflix issue - it was a problem in the last product so to have not addressed it this time around beggars belief really.


For anyone that needs it, Port Forwarding guide is up:

https://drashna.net/blog/2015/11/sophos-xg-firewall-port-forwarding/

 

 

 

Web Filtering is the next thing I plan on hitting. I'll let you know when that's up.

 

Well, I think I'm actually reverting to 9.3 by Friday, and staying away from the sticking pile of shit that is Sophos XG.

Hang in there brother, I have faith in you to get things like Netflix working for us :) Thanks for the first of I hope several new guides on the new Sophos XG Firewall


in that first guide I made a comment which seems stuck waiting moderation. not so here...

 

"yes this seems like an expansive set of things to do, counter to the ‘simplicity’ claim. But with regard to the “hosted address” part, this would seem logical only to someone who had multiple IP addresses on the WAN"

 

fwiw a possible explanation of one of their thoughts...

Drashna Jaelre

in that first guide I made a comment which seems stuck waiting moderation. not so here...

 

"yes this seems like an expansive set of things to do, counter to the ‘simplicity’ claim. But with regard to the “hosted address” part, this would seem logical only to someone who had multiple IP addresses on the WAN"

 

fwiw a possible explanation of one of their thoughts...

Definitely agree.  

 

However, you could do forwarding and exclusion based on the external NIC in the UTM product, as well. 

 

And they wanted all of this stuff (firewall, port forwarding, etc) all in one place, usability be damned. (Seriously, watch their marketing video).

 

Hang in there brother, I have faith in you to get things like Netflix working for us :) Thanks for the first of I hope several new guides on the new Sophos XG Firewall

 

I'm not sure there is a solution here. Even with the filter and everything set to "none", it breaks Jetpack's site statistics (Jetpack being a WordPress.com plugin for self-hosted WordPress sites). I've tried everything I can think of to get it working, but nope. :(

 

And as for Netflix, that really should be part of the streaming videos rule. If it's not ... well there is no way to add it without hounding Sophos. 

 

To sum up my feelings: Sophos is Turn key. UTM had its issues... and XG turned the key too far and it broke off in the lock.

Drashna Jaelre

For anyone that needs it, Port Forwarding guide is up:

https://drashna.net/blog/2015/11/sophos-xg-firewall-port-forwarding/

 

 

I've edited the guide already.  Apparently the way I was doing it ... not only didn't work reliably, but actually outright blocked the ports that I was forwarding. 

 

Meaning that because I was hosting web services on it (HTTP, HTTPS), it was outright blocking the server from connecting to those services. I've found the solution and uploaded the guide.

 

But .... yeah, I would absolutely recommend staying away from Sophos XG Firewall, and go for Sophos UTM  for now. Unless you're willing to spend countless hours ripping out your hair in frustration, because there is absolutely no information about anything for this product.


Definitely agree.  

 

However, you could do forwarding and exclusion based on the external NIC in the UTM product, as well. 

 

And they wanted all of this stuff (firewall, port forwarding, etc) all in one place, usability be damned. (Seriously, watch their marketing video).

 

 

I'm not sure there is a solution here. Even with the filter and everything set to "none", it breaks Jetpack's site statistics (Jetpack being a WordPress.com plugin for self-hosted WordPress sites). I've tried everything I can think of to get it working, but nope. :(

 

And as for Netflix, that really should be part of the streaming videos rule. If it's not ... well there is no way to add it without hounding Sophos. 

 

To sum up my feelings: Sophos is Turn key. UTM had its issues... and XG turned the key too far and it broke off in the lock.

I feel your pain and agree with you, but unfortunately this is the way they are heading and UTM 9 whatever will become a boat anchor at some point. They listen to none of us on the beta forums, or at least gave no response in most cases, so your guess is as good as mine what they're thinking with this product. Think of the CEO of Microsoft that now owns a football team. He did not listen to any of us either.

