RESET Forums (homeservershow.com)
itGeeks

Sophos Copernicus is now out of Beta and Has a New Name, Sophos XG Firewall


Drashna Jaelre

The way I got Netflix to work on my Android was not by MAC address; I created an IP-Host. I don't know if that made the difference or not, because I don't have any iOS devices and I did not try using the MAC address before trying IP-Host. The reason I decided to use IP-Host over MAC-Host was because you can't create a MAC-Host (Group) of devices; you can only create an IP-Host (Group). Give it a shot and see if it works for you. What I have done now is create 3 different outbound rules. One for gaming consoles, IP cams, TVs, DVRs, etc. What goes into this rule is anything that's not a computer, tablet or smart phone. I have all the security/scanning settings turned off on this rule so things like Xbox Live will work, and let's face it, you don't want to be scanning gaming traffic because that could kill the win :)

 

The second outbound rule holds all my tablets/smart phones that need Netflix. In this rule I only turn off the web filter to make Netflix happy, but all other security/scanning is active, even IPS.

 

The 3rd outbound rule is the default rule created by Sophos. On this rule everything is active. It seems to be working well today, but only time will tell if there are any other problems.

As long as the web filter is responsive, it's not an issue. :)

 

That said, it's mostly not done over web ports, so the filter doesn't touch it. And the issue is still that you're turning off the filtering altogether for these devices. I would rather not do that, at all. I would rather allow exceptions for specific services, as needed. Which there is no way to do so.

 

Additionally, I may be a glutton for punishment, but I prefer having to explicitly allow ports, which you can't really do on XG... not without a LOT of work. 

 

 

Which boils down to one thing: XG Firewall is not a product for enterprises. And it's not a product for home.  And soon... it may just not be a product, at all.  

And remember, they're the ones that are deciding all the info for your router. What sites belong in which categories, etc.

itGeeks

As long as the web filter is responsive, it's not an issue. :)

 

That said, it's mostly not done over web ports, so the filter doesn't touch it. And the issue is still that you're turning off the filtering altogether for these devices. I would rather not do that, at all. I would rather allow exceptions for specific services, as needed. Which there is no way to do so.

 

Additionally, I may be a glutton for punishment, but I prefer having to explicitly allow ports, which you can't really do on XG... not without a LOT of work. 

 

 

Which boils down to one thing: XG Firewall is not a product for enterprises. And it's not a product for home.  And soon... it may just not be a product, at all.  

And remember, they're the ones that are deciding all the info for your router. What sites belong in which categories, etc.

I don't disagree with you at all, I am just trying to think outside the box a bit to give this product time to mature. As crazy as it sounds, I do like the product, but as Sophos has said in the beta forums, this is very much a v1 product and it's going to take some time to get it on par with UTM9 :( It was said by many in the beta forums that this product is not ready for prime time on Nov 9, but ready or not it got released and is in fact the software that is going out on any new devices they sell. Time will tell how it all turns out. I am going to stick with it for the next 6 months or so and see if they push anything new.

  • Like 1

Drashna Jaelre

I don't disagree with you at all, I am just trying to think outside the box a bit to give this product time to mature. As crazy as it sounds, I do like the product, but as Sophos has said in the beta forums, this is very much a v1 product and it's going to take some time to get it on par with UTM9 :( It was said by many in the beta forums that this product is not ready for prime time on Nov 9, but ready or not it got released and is in fact the software that is going out on any new devices they sell. Time will tell how it all turns out. I am going to stick with it for the next 6 months or so and see if they push anything new.

 

Ouch. For the new customers....

 

And yeah, I'm going back. I'll keep a VM of it (it works fine for my VM network), but .... it's definitely not ready for prime time. In ~ six months, I'll probably re-evaluate it. But for now, for home use, UTM 9.3 is a much better solution. You can actually fix issues.

  • Like 1

Poppapete

I have given up on XG. Netflix and 3 Xboxes in my house must work flawlessly or I am dead to my family and considered of no use.

 

itGeeks, I have been using Netgear powerline adapters for years and never had to "reboot" but admittedly only the 200 and 500 series.

itGeeks

I have given up on XG. Netflix and 3 Xboxes in my house must work flawlessly or I am dead to my family and considered of no use.

 

itGeeks, I have been using Netgear powerline adapters for years and never had to "reboot" but admittedly only the 200 and 500 series.

Thanks for the info on your power-line adapters. As with everything else in life, mileage will vary. As you probably know already, many things play a role in the performance you get from power-line networking, such as the age of the wiring, are they installed on the same circuit, etc. My home was built in the 50's and the fact that the two adapters are plugged into different circuits is not ideal. These Netgear adapters were the clear winner for me in all my testing.

 

I have 4 Xboxes in my house and we use Netflix, all working fine behind Sophos XG :) It's not much work to get it set up, and yes, you have to do some bypassing of devices in Sophos, but I don't think it's a problem. All my mobile devices have Sophos Anti-virus or Lookout security so I am not worried at all. After all, these are "Mobile" devices and should have their own security software installed on them anyway.

Edited by itGeeks

nrf

aha - patient zero! will you be sharing any wisdom with others who might follow in your footsteps?

nrf

anyone get this to load up on an N40L? I'm not doing so well.... the bios shows it sees the keyboards, booting from the old disk shows windows can see the keyboard, but XG doesn't see it when it asks me to enter Y.

I tried adjusting usb, ahci, and hpet bios settings with no joy.

 

any advice?

nrf

also, I don't see the 'hit escape to boot' prompt, just a black screen then jumps into the installer screen

schoondoggy

anyone get this to load up on an N40L? I'm not doing so well.... the bios shows it sees the keyboards, booting from the old disk shows windows can see the keyboard, but XG doesn't see it when it asks me to enter Y.

I tried adjusting usb, ahci, and hpet bios settings with no joy.

 

any advice?

I would try putting an Intel NIC in the N40L. Many Linux based solutions do not seem to like the onboard NIC of the N40L.

itGeeks

I would try putting an Intel NIC in the N40L. Many Linux based solutions do not seem to like the onboard NIC of the N40L.

Kevin, you took the words right out of my mouth. I was just going to ask him what NICs were in the N40L and saw your post. As Kevin said, use Intel NICs, and if it's still a problem try burning a DVD and installing from that; there have been reports of people having trouble installing from a USB drive. Also, is this a bare-metal install you're trying to do or in a VM? Also, is the keyboard wired or wireless? If it's wireless, try a wired keyboard.

Edited by itGeeks
