RESET Forums (homeservershow.com)
itGeeks

Sophos Copernicus is now out of Beta and Has a New Name, Sophos XG Firewall


Drashna Jaelre

For anyone that needs it, Port Forwarding guide is up:

https://drashna.net/blog/2015/11/sophos-xg-firewall-port-forwarding/

 

 

 

Haha, yeah it's a learning curve alright! The Netflix issue is kind of a big deal. If I have to turn the web filter off then that's a chunk of the product thrown by the wayside. I may take a look at pfSense too, since I've not used either product before.

Web Filtering is the next thing I plan on hitting. I'll let you know when that's up.

 

Well, I think I'm actually reverting to 9.3 by Friday, and staying away from the stinking pile of shit that is Sophos XG.

  • Like 1

psykix

I have 2 Xbox One consoles, and one of them keeps renewing the DHCP lease every 1 minute according to the Sophos logs.

 

I've temporarily set it to a static and it's fine. Any idea why it would do that though?

psykix

 

Web Filtering is the next thing I plan on hitting. I'll let you know when that's up.

 

Well, I think I'm actually reverting to 9.3 by Friday, and staying away from the stinking pile of shit that is Sophos XG.

 

I'm not particularly impressed so far - I can't figure out why I have an amber flag on performance, my WAN shows the gateway to be down, when it's actually up, I've had to turn off the webfilter or Netflix and many other streaming videos refuse to work, and there seems no config that will fix that other than the blunt instrument of switching off the filter entirely.

 

And to cap it all, no one seems to bother replying to any questions on the new Sophos XG support forum.

 

Not really a stellar start for the product really, but I suppose some could be related to my unfamiliarity with it.

itGeeks

Aaaand.. I've hit the Netflix on iOS issue :-(

 

I've had to turn Webfiltering off since there seems to be no workaround at the moment.

It's not just an iOS issue, it's also Android :( and ya, what fixed it in UTM9 does not seem to work on Sophos XG Firewall. For the love of god I don't understand why Sophos won't fix this so it works out of the box. After all, there is a switch in the web filter not to scan Audio & Video files. Where did you turn off web filtering? When I tried that Netflix still did not work, but maybe I did not turn web filtering off in the right place.

psykix

Well, again it's not exactly obvious!!

 

You need to edit your main network rule and under Policy for User Applications, change Web Filter from Allow All to None (Off would have been a better description!)


Thinking about it, I could probably add another rule above the default and use Web Filter None for the specific Apple devices.

 

However, they MUST be aware of the Netflix issue - it was a problem in the last product so to have not addressed it this time around beggars belief really.

itGeeks

For anyone that needs it, Port Forwarding guide is up:

https://drashna.net/blog/2015/11/sophos-xg-firewall-port-forwarding/

 

 

 

Web Filtering is the next thing I plan on hitting. I'll let you know when that's up.

 

Well, I think I'm actually reverting to 9.3 by Friday, and staying away from the stinking pile of shit that is Sophos XG.

Hang in there brother, I have faith in you to get things like Netflix working for us :) Thanks for the first of I hope several new guides on the new Sophos XG Firewall

nrf

in that first guide I made a comment which seems stuck waiting moderation. not so here...

 

"yes this seems like an expansive set of things to do, counter to the ‘simplicity’ claim. But with regard to the “hosted address” part, this would seem logical only to someone who had multiple IP addresses on the WAN"

 

fwiw a possible explanation of one of their thoughts...

Drashna Jaelre

in that first guide I made a comment which seems stuck waiting moderation. not so here...

 

"yes this seems like an expansive set of things to do, counter to the ‘simplicity’ claim. But with regard to the “hosted address” part, this would seem logical only to someone who had multiple IP addresses on the WAN"

 

fwiw a possible explanation of one of their thoughts...

Definitely agree.  

 

However, you could do forwarding and exclusion based on the external NIC in the UTM product, as well. 

 

And they wanted all of this stuff (firewall, port forwarding, etc) all in one place, usability be damned. (Seriously, watch their marketing video).

 

Hang in there brother, I have faith in you to get things like Netflix working for us :) Thanks for the first of I hope several new guides on the new Sophos XG Firewall

 

I'm not sure there is a solution here. Even with the filter and everything set to "none", it breaks Jetpack's site statistics (Jetpack being a WordPress.com plugin for self-hosted WordPress sites). I've tried everything I can think of to get it working, but nope. :(

 

And as for Netflix, that really should be part of the streaming videos rule. If it's not ... well there is no way to add it without hounding Sophos. 

 

To sum up my feelings: Sophos is Turn key. UTM had its issues... and XG turned the key too far and it broke off in the lock.

Drashna Jaelre

For anyone that needs it, Port Forwarding guide is up:

https://drashna.net/blog/2015/11/sophos-xg-firewall-port-forwarding/

 

 

I've edited the guide already.  Apparently the way I was doing it ... not only didn't work reliably, but actually outright blocked the ports that I was forwarding. 

 

Meaning that because I was hosting web services on it (HTTP, HTTPS), it was outright blocking the server from connecting to those services. I've found the solution and uploaded the guide.

 

But .... yeah, I would absolutely recommend staying away from Sophos XG Firewall, and go for Sophos UTM  for now. Unless you're willing to spend countless hours ripping out your hair in frustration, because there is absolutely no information about anything for this product.

  • Like 1

itGeeks

Definitely agree.  

 

However, you could do forwarding and exclusion based on the external NIC in the UTM product, as well. 

 

And they wanted all of this stuff (firewall, port forwarding, etc) all in one place, usability be damned. (Seriously, watch their marketing video).

 

 

I'm not sure there is a solution here. Even with the filter and everything set to "none", it breaks Jetpack's site statistics (Jetpack being a WordPress.com plugin for self-hosted WordPress sites). I've tried everything I can think of to get it working, but nope. :(

 

And as for Netflix, that really should be part of the streaming videos rule. If it's not ... well there is no way to add it without hounding Sophos. 

 

To sum up my feelings: Sophos is Turn key. UTM had its issues... and XG turned the key too far and it broke off in the lock.

I feel your pain and agree with you, but unfortunately this is the way they are heading and UTM 9 whatever will become a boat anchor at some point. They listen to none of us on the beta forums, or at least gave no response in most cases, so your guess is as good as mine what they're thinking with this product. Think of the CEO of Microsoft that now owns a football team. He did not listen to any of us either.
