RESET Forums (homeservershow.com)
itGeeks

Sophos Copernicus is now out of Beta and Has a New Name, Sophos XG Firewall


Drashna Jaelre

Sorry it did not help. I don't have the time right now to mess with it. Here is the section of the manual on email protection: http://docs.sophos.com/nsg/sophos-firewall/v15010/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp%2FEmailProtection.html%23

 

Please let us know if you get it working and how you got it working.

There's a manual?! :)

nrf

actually multiple manuals. pretty verbose but short on 'wisdom'

Edited by nrf

nrf

so, anyone have new wisdom to share on this piece of work? clearly it doesn't do the native IPv6 the way UTM 9 does. it got the /64 subnet but that all disappeared after a while, not to be seen again. It also seems 'touchy' (easy to upset it) and changes seem to take some time to be implemented.

 

so far it has been ok running my work VPN connection.

Edited by nrf

Drashna Jaelre

so, anyone have new wisdom to share on this piece of work? clearly it doesn't do the native IPv6 the way UTM 9 does. it got the /64 subnet but that all disappeared after a while, not to be seen again. It also seems 'touchy' (easy to upset it) and changes seem to take some time to be implemented.

 

so far it has been ok running my work VPN connection.

Wisdom?

 

Stay on UTM for the next few months.  See if they work out all the kinks and fix the GLARING ISSUES that XG Firewall has. 

 

That's what I'm doing. I've actually already reverted. Yes, it was that bad.

nrf

Besides the fact that IPv6 (native) is not there for me, I was able to go through and set up a custom web filter policy and apply it to the default policy rule and configure an intrusion prevention policy to my liking and apply that as well. I also inserted a rule blocking certain outgoing services (SMB for one). nothing really horrible showed up doing those. I remember doing similar operations on UTM 9. I have yet to venture into 'opening a port' or setting exceptions to web filtering.

 

I split off a second IP for the XG firewall and only have one client behind it for now. Everything important is on the UTM9 side.

Edited by nrf

itGeeks

Besides the fact that IPv6 (native) is not there for me, I was able to go through and set up a custom web filter policy and apply it to the default policy rule and configure an intrusion prevention policy to my liking and apply that as well. I also inserted a rule blocking certain outgoing services (SMB for one). nothing really horrible showed up doing those. I remember doing similar operations on UTM 9. I have yet to venture into 'opening a port' or setting exceptions to web filtering.

 

I split off a second IP for the XG firewall and only have one client behind it for now. Everything important is on the UTM9 side.

Could you go into detail on your custom web filter & intrusion prevention policies?

nrf

for intrusion prevention, the equivalent in UTM9 is the 'attack patterns' tab on the intrusion prevention page. since I am not hosting internet services I orient both toward protecting clients. on XG the equivalent is in objects / policies / intrusion prevention. I chose the 'lantowan_general', opened its filter, and touched it up by turning off any server type checkboxes under Category, the platform items for which I have no clients using the platform, and the 'server' target. I did not mess with the big matrix of actions on the right 70% of the page. Then on Policies I edited '#Default_Network_Policy'. In the 'Policy for User Applications' properties area I chose lantowan_general in the pulldown for 'intrusion prevention'.

 

for web filter policies, the equivalent in UTM9 is web protection / filtering options / Categories. in XG it is Protection / Web Protection / Web Filter Policies. I added a new one, choosing to clone 'CIPA compliance' as a starting point, then removed and added items from the list until I had a set to my liking. Since my home is populated with adults I only chose those of a protective nature like advertisements, parked domains, spyware & malware, your choice as always... Then I went to '#Default_Network_Policy' and applied my filter on the pulldown for Web Filter.

 

granted these are beginner items, I hope this helps. as I mentioned before I have a ways to go. but at least I did not have to create a bunch of defined objects to get this far.

Edited by nrf
  • Like 2

itGeeks

for intrusion prevention, the equivalent in UTM9 is the 'attack patterns' tab on the intrusion prevention page. since I am not hosting internet services I orient both toward protecting clients. on XG the equivalent is in objects / policies / intrusion prevention. I chose the 'lantowan_general', opened its filter, and touched it up by turning off any server type checkboxes under Category, the platform items for which I have no clients using the platform, and the 'server' target. I did not mess with the big matrix of actions on the right 70% of the page. Then on Policies I edited '#Default_Network_Policy'. In the 'Policy for User Applications' properties area I chose lantowan_general in the pulldown for 'intrusion prevention'.

 

for web filter policies, the equivalent in UTM9 is web protection / filtering options / Categories. in XG it is Protection / Web Protection / Web Filter Policies. I added a new one, choosing to clone 'CIPA compliance' as a starting point, then removed and added items from the list until I had a set to my liking. Since my home is populated with adults I only chose those of a protective nature like advertisements, parked domains, spyware & malware, your choice as always... Then I went to '#Default_Network_Policy' and applied my filter on the pulldown for Web Filter.

 

granted these are beginner items, I hope this helps. as I mentioned before I have a ways to go. but at least I did not have to create a bunch of defined objects to get this far.

Nice work and thanks for the detailed explanation. I also have "intrusion prevention" set to lantowan_general. I have not fine-tuned anything in the "web filter" as we are all adults in the house also, but I do want to take a look in more detail at your "web filter" policy for use in my environment. Please keep us updated as the progress flows as there is always something to be learned :)

 

Thanks again for taking the time...

Edited by itGeeks

nrf

no problem, consider it a teeny tiny attempt at payback for the 'drashna' guide.

  • Like 1

Jason

Wisdom?

 

Stay on UTM for the next few months. See if they work out all the kinks and fix the GLARING ISSUES that XG Firewall has.

 

That's what I'm doing. I've actually already reverted. Yes, it was that bad.

Thanks for the warning. I'm just catching up on this thread from the holiday and couldn't be more glad I'm late to the party! Typically I would've jumped onto XG but don't have time or sanity to waste on it. I trust your judgment. Am sticking with UTM 9.3 for now.

 

What is the best process to record settings from UTM 9.3 when ultimately migrating to XG, since it's not an upgrade? When I moved from pfSense to Sophos UTM it was painful. Trying to use this time to map the best approach.

 

I don't have extra hardware around to be building another box to run XG unless that's what I should be planning to do?

 

 

