RESET Forums (homeservershow.com)
itGeeks

Sophos Copernicus is now out of Beta and Has a New Name, Sophos XG Firewall

itGeeks

Thanks for the warning. I'm just catching up on this thread from the holiday and couldn't be more glad I'm late to the party! Typically I would've jumped onto XG but don't have time or sanity to waste on it. I trust your judgment. Am sticking with UTM 9.3 for now.

 

What is the best process to record settings from UTM 9.3 when ultimately migrating to XG, since it's not an upgrade? When I moved from pfSense to Sophos UTM it was painful. Trying to use this time to map the best approach.

 

I don't have extra hardware around to be building another box to run XG unless that's what I should be planning to do?

 

 


My humble opinion is there really is no reason to wait. Yes, the product is a "virgin" but it's been working well for me thus far. There are at least three of us on this forum who are using it and learning the product, so help is at your fingertips. I had to do a reinstall after the beta so I could change the serial number for my free home licenses, and when I did that one of the options was upgrade from UTM9, so it looks to me like you can now do an in-place upgrade; however, I did not try it. When I decided to try the beta I did a screen print of everything in UTM9 so I could manually configure the new install. I used SnagIT for this task. Also, here is the link to the online help system: http://docs.sophos.com/nsg/sophos-firewall/v15010/Help/en-us/webhelp/onlinehelp/index.html

Drashna Jaelre

no problem, consider it a teeny tiny attempt at payback for the 'drashna' guide.

:)

 

And yeah, it has a lot more "options". But these are basically templates based on different "expected" configuration. 

 

IIRC, the COPA web filter is good for child safety. 

 

 

 

My humble opinion is there really is no reason to wait. Yes, the product is a "virgin" but it's been working well for me thus far. There are at least three of us on this forum who are using it and learning the product, so help is at your fingertips. I had to do a reinstall after the beta so I could change the serial number for my free home licenses, and when I did that one of the options was upgrade from UTM9, so it looks to me like you can now do an in-place upgrade; however, I did not try it. When I decided to try the beta I did a screen print of everything in UTM9 so I could manually configure the new install. I used SnagIT for this task. Also, here is the link to the online help system: http://docs.sophos.com/nsg/sophos-firewall/v15010/Help/en-us/webhelp/onlinehelp/index.html

 

I respectfully disagree. :\

 

If you use mobile devices for consumption, or have consoles, it's pretty much unusable. 

The web filter breaks too many things... and fixing them ... well, the only way available is turn off categories until you figure out which it is... or just turn it off completely. Completely defeating the point.

Jason

I have to side with Drashna on this. If he doesn't sound even remotely convinced, then I'll gladly wait on the sidelines to see how this product matures. Right now my UTM 9.3 isn't broke and doesn't need fixed. My family would have a meltdown if there was even a slight hiccup.

 

 

itGeeks

:)

 

And yeah, it has a lot more "options". But these are basically templates based on different "expected" configuration. 

 

IIRC, the COPA web filter is good for child safety. 

 

 

 

 

I respectfully disagree. :\

 

If you use mobile devices for consumption, or have consoles, it's pretty much unusable. 

The web filter breaks too many things... and fixing them ... well, the only way available is turn off categories until you figure out which it is... or just turn it off completely. Completely defeating the point.

No disrespect, so I look at it this way: if they are mobile devices they should have some level of protection installed on them anyway, because mobile devices can leave your network anyway, so that's why I have Sophos Mobile Security installed on those devices. https://play.google.com/store/apps/details?id=com.sophos.smsec&hl=en

 

That said, I do know what you are saying, but as always there is more than one way to solve problems. For me, I am good with XG Firewall for now, but I do look forward to v2, v3 as it adds more features and more ways to customize the product. :)

Drashna Jaelre

Agreed.  Hopefully, they'll add the much needed fine tuning options.  And maybe explain some of the new settings...

nrf

I don't know if the 'upgrade' option is complete/ready yet. There was mention of a migration tool where you send your UTM9 settings file to the cloud and it comes back in XG form.

snapper

...then I'll gladly wait on the sidelines to see how this product matures. Right now my UTM 9.3 isn't broke and doesn't need fixed. My family would have a meltdown if there was even a slight hiccup.

 

 

+1

 

Just sold the wife/kids/dog/etc and replaced the ML310ev2 with a Supermicro Superserver.

I was going to try the new Sophos at the same time, but let's give it a little while to mature...

itGeeks

I don't know if the 'upgrade' option is complete/ready yet. There was mention of a migration tool where you send your UTM9 settings file to the cloud and it comes back in XG form.

When I had to reinstall Sophos XG Firewall so I could apply my new serial number the option to upgrade from UTM9 was there but I don't know if it works.

+1

 

Just sold the wife/kids/dog/etc and replaced the ML310ev2 with a Supermicro Superserver.

I was going to try the new Sophos at the same time, but let's give it a little while to mature...

What model Supermicro Superserver did you go with?

snapper

What model Supermicro Superserver did you go with?

 

I built up one based on the Superserver 5028D-TN4T.

In the UK, it was cheaper to buy the Ablecom CS-M50 case and X10SDV-TLN4F board separately and put it together myself, than get it ready-made from SM.

Running 32GB DDR4 with 512GB NVMe SSD and it flies along with ESXi6 :)

pcdoc

Where is everyone's sense of adventure? Live on the edge... :D I totally understand everyone's challenges with this new product. I have spent at least 40-50 hours playing around, testing, configuring, breaking, and fixing. In the beginning I liked it cause it was new and seemed to be logically laid out, then I hated it cause it was confusing and it did things differently than what I was used to, as well as used terminology that in some cases seemed backwards, and now I am appreciating it more now that I better understand it (using the words loosely). I have unlearned the conventional standards and am beginning to comprehend the logic they attempted to use. Yes, it has a learning curve; however, most that do not have an overly complicated setup will be up and running pretty quickly. My initial test setup was working in about an hour once I figured out how to install it (long story). In my time with it I found it to be more secure than Untangle out of the box (can't compare it to UTM 9.x as I have never used it) and it packs many more features for free. So much so that it was almost annoying at first. The mobile streaming thing is annoying, but once you know how to limit some filtering (thanks to itGeeks) the fix is pretty easy and isolated to that device. Remember that you are only decreasing the filtering levels of that specific mobile device, not everything on your network, which is still better than being on LTE or WiFi somewhere with minimal to no filtering. Comparatively, I had similar issues with Untangle and Plex, which has no filtering out of box. Once I activated some protection it jammed up Plex. The minute you increase security, something will be blocked. They even wanted me to bypass all my mobile and media devices to stay within the licensing, claiming that phones, tablets, and streamers do not need protection other than NAT.
I am not banging on Untangle but rather pointing out that all of these solutions, including off-the-shelf routers, have pros and cons and require us to do some tuning. If you have something that works, nothing wrong with sticking to it as changing your security is painful, but if you change (to anything) be prepared for some tuning work and a learning curve (especially true for XG). The approach Sophos has taken with XG does require a learning curve as it is unconventional, but in my opinion, from what I have seen, it is still a good solution, especially if you are coming from a box router. I am still new at this thing so I may change my tune over the next month or so, but as it stands now, I am going from testing to production in the next week or two as I am done testing, so I will better see how it behaves on a day-to-day basis. I have tested most of what "I" need and rely on except for VPN, but from the looks of it that should be doable. I will keep everyone posted, and remember, live on the edge...
