RESET Forums (homeservershow.com)
itGeeks

Sophos XG, Good news! MR2 is downloading today.


pcdoc

So apart from Netflix and lack of live logging, what is wrong with XG?

 

Not being provocative or anything, but there is a lot of bad-press both here and on the Sophos forums about XG and was wondering if it was all bad?

After all, it's human nature to complain when things are wrong, but there must be plenty of users with XG that are working fine and therefore don't need to post in forums?

 

I happen to think it is great. I could go on about the strengths such as top-notch filtering, application filtering, antivirus, etc. I have used a lot of UTM software and many different routers, and to me this is the best solution, even though I understand it is not for everyone. There are so many easy and secure ways to work around the Netflix issues, such as a decent access point, that to me it is a non-issue. There are issues with every solution and it boils down to what fits your needs. There is a learning curve with Sophos, but once you are past that it is a great solution. Try for yourself and decide if it is for you. If you give it a bit of time I am sure you will agree with me.

itGeeks

So apart from Netflix and lack of live logging, what is wrong with XG?

 

Not being provocative or anything, but there is a lot of bad-press both here and on the Sophos forums about XG and was wondering if it was all bad?

After all, it's human nature to complain when things are wrong, but there must be plenty of users with XG that are working fine and therefore don't need to post in forums?

As pcdoc said, there are issues with every solution, and for me there were far too many things that you needed to overcome to use Sophos in a home environment, so I decided to switch back to Untangle after they came out with their new home licenses and I could not be more happy with it. Everything just works now without having to do any workarounds. Some of the things that did not work for me when using Sophos unless you bypassed the devices (aka turning off security features) were printer updates, downloading new Insider builds of Windows, Netflix streaming to mobile devices, and gaming consoles, and there were some other things but I don't remember them now. The point is that in a home environment these devices are very common, and if you have to turn off security for all this stuff, why bother using a product like Sophos at all? Sophos has said they are not a home product and they don't cater to home users, though they do provide the free home license, but again what good is it if you have to turn all kinds of security off to make your network work? Like pcdoc said, Sophos is a great product if used in the right environment, but that environment is not the home, in my humble opinion. Untangle, on the other hand, is focusing on the home user and they want to leverage the home users more going into the future. Try both Sophos and Untangle and decide for yourself.

snapper

I happen to think it is great. I could go on about the strengths such as top-notch filtering, application filtering, antivirus, etc. I have used a lot of UTM software and many different routers, and to me this is the best solution, even though I understand it is not for everyone. There are so many easy and secure ways to work around the Netflix issues, such as a decent access point, that to me it is a non-issue. There are issues with every solution and it boils down to what fits your needs. There is a learning curve with Sophos, but once you are past that it is a great solution. Try for yourself and decide if it is for you. If you give it a bit of time I am sure you will agree with me.

 

 

As pcdoc said, there are issues with every solution, and for me there were far too many things that you needed to overcome to use Sophos in a home environment, so I decided to switch back to Untangle after they came out with their new home licenses and I could not be more happy with it. Everything just works now without having to do any workarounds. Some of the things that did not work for me when using Sophos unless you bypassed the devices (aka turning off security features) were printer updates, downloading new Insider builds of Windows, Netflix streaming to mobile devices, and gaming consoles, and there were some other things but I don't remember them now. The point is that in a home environment these devices are very common, and if you have to turn off security for all this stuff, why bother using a product like Sophos at all? Sophos has said they are not a home product and they don't cater to home users, though they do provide the free home license, but again what good is it if you have to turn all kinds of security off to make your network work? Like pcdoc said, Sophos is a great product if used in the right environment, but that environment is not the home, in my humble opinion. Untangle, on the other hand, is focusing on the home user and they want to leverage the home users more going into the future. Try both Sophos and Untangle and decide for yourself.

 

 

Thanks both for your opinions.

I've been using Sophos UTM9 for a year or so now and whilst it's very powerful, I agree that it's a PITA to manage for home use.

 

This last week, I have been trialling Untangle. Like it a lot and have devised a possible workaround for their VPN shortcoming, but my biggest issue is that their default installation seems to pass everything out from the LAN and block on exception.

My feeling is that this is the wrong way around - for example on Application Control, everything should be blocked until explicitly allowed. Then if there were any zero-day exploits, there is more chance of limiting damage.

It's the same with the Firewall; it seems to let everything out by default.

 

I can't see any easy way to totally lock Untangle down and then open up only what's needed, otherwise I would start a Kali VM, point it to the Untangle LAN interface and see what happens :o

 

Guess I need to spin up an XG VM and see what happens - just a bit reluctant due to all the bad comments, as I'll get lynched by the family if they can't get their web fix :)

Poppapete

With UT the router starts with doors open and you close them. With Sophos it starts with doors shut and you open them. Ergo: UT is much easier to get going and Sophos is more secure.

  • Like 1

pcdoc

With UT the router starts with doors open and you close them. With Sophos it starts with doors shut and you open them. Ergo: UT is much easier to get going and Sophos is more secure.

 

That is a really good summary....

itGeeks

With UT the router starts with doors open and you close them. With Sophos it starts with doors shut and you open them. Ergo: UT is much easier to get going and Sophos is more secure.

Poppapete, I agree with most of what you're saying, but would you mind giving me your definition of more secure? I am just trying to wrap my head around why you think Sophos UTM is more secure than Untangle ;) If you're saying Sophos UTM is more secure because the default install blocks all outbound traffic from LAN to WAN, this does not automatically give the gold award to Sophos, as this is very easy to do in Untangle after the install. Just create a new firewall rule 'block all LAN to WAN' and stick it at the top and there you have it, everything blocked. Now start creating allow rules and stick them above the new block rule for each port you want to allow. I personally would not do this in a home environment because of all the different types of devices needing all kinds of crazy ports for gaming and such. When I installed Sophos UTM 9 it broke so much stuff that even after a month I still did not have everything working with the default lockdown setup, so I just did an allow all outbound and my life was a bit more peaceful.

 

Snapper: If you don't like the default setup of Untangle and the fact that it allows all outbound traffic LAN to WAN, then don't waste your time with Sophos XG, because that is the default setup with XG and is the reason XG is easier to get up and running after the install, but that's where the honeymoon ends and the problems begin if you're trying to use streaming services to mobile devices and/or gaming consoles etc. As said before, Sophos and Untangle are both great products. I have used Sophos UTM 9, XG and Untangle 10 and now v12, and I can honestly say hands down for home use for me Untangle v12. I see you're a VM kind of guy, so spin up a VM of Sophos XG and Untangle and give them each a try. I think after a short while you will see what product is the clear winner for home use.

 

Hope my info helps and good luck :)  

Edited by itGeeks

Poppapete

itGeeks,

 

I was really referring to Sophos UTM 9 (I gave up on XG after 3 days) purely because it locked everything down at the get-go. I am at present using the new UT and have paid for a 1 year subscription so being of Scottish ancestry I will be sticking with it for 12 months.

LoneWolf

itGeeks,

 

I was really referring to Sophos UTM 9 (I gave up on XG after 3 days) purely because it locked everything down at the get-go. I am at present using the new UT and have paid for a 1 year subscription so being of Scottish ancestry I will be sticking with it for 12 months.

 

And deny-then-allow out of the box is always more secure than allow-then-deny.  For real IT users, or security-conscious enthusiasts, the first method is always the way to go.

 

(It would be good if it was the way to go for everyone, but entry-level home users end up getting frustrated with it).

  • Like 1

nrf

While I started out with the 'allow all outgoing' rule and put in some specific prohibits ahead of it, I also set up a separate rule group with the reverse logic, but I have never had the guts to try it out and see how much screaming resulted if I had it wrong. But at some point I may do that if something happens to make me believe it is worthwhile. But really, with UTM9 you can do it either way relatively easily.

snapper

And deny-then-allow out of the box is always more secure than allow-then-deny.  For real IT users, or security-conscious enthusiasts, the first method is always the way to go.

 

(It would be good if it was the way to go for everyone, but entry-level home users end up getting frustrated with it).

 

 

I'm in the security paranoid group, which is why I was a little surprised to see UT wide open for outgoing.

 

Given the penetration of Cryptowall and its relatives, my thinking is that _if_ a zero day exploit hits my LAN, hopefully closing all outgoing except the essentials will prevent the malware phoning home to its C&C and will delay any nasties until the endpoint security catches up and alerts me to the infection.

I know some malware will encrypt without key exchange with C&C, but it's all about minimising the risk...

 

Hope my info helps and good luck :)  

 

It does, thanks.

I think I'll have to spin up an XG VM and take it for a drive.

 

 

edit: as an aside, I get the free Security Week newsletters, which I find a useful way of seeing what's happening in the security world: http://www.securityweek.com

Edited by snapper
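
The two outbound postures compared in this thread (allow-all with specific blocks ahead of it, versus allow rules stacked above a final 'block all LAN to WAN' rule), as an added example that is not part of any post and not code from Sophos or Untangle. It assumes top-down, first-match rule evaluation on protocol and destination port only; the rule sets and flows are constructed for illustration.

```python
# Added illustration: first-match egress policy evaluation (assumed model).
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "block"
    proto: Optional[str] = None  # None matches any protocol
    port: Optional[int] = None   # None matches any destination port

    def matches(self, proto: str, port: int) -> bool:
        return self.proto in (None, proto) and self.port in (None, port)

def decide(rules, proto, port, default):
    """Return the action of the first matching rule, else the default."""
    for rule in rules:
        if rule.matches(proto, port):
            return rule.action
    return default

# Posture A: allow-all outbound with a specific block placed ahead of it.
ALLOW_THEN_DENY = [Rule("block", "tcp", 25), Rule("allow")]

# Posture B: allow rules stacked above a final "block all LAN to WAN" rule.
DENY_THEN_ALLOW = [
    Rule("allow", "udp", 53), Rule("allow", "tcp", 80),
    Rule("allow", "tcp", 443), Rule("allow", "udp", 123),
    Rule("block"),
]

# Constructed sample flows: (label, protocol, destination port).
FLOWS = [
    ("web browsing", "tcp", 443),
    ("dns lookup", "udp", 53),
    ("console game traffic", "udp", 3074),
    ("callback on unusual port", "tcp", 8443),
    ("callback over https", "tcp", 443),
]

def blocked(rules, default):
    """Labels of the sample flows that the rule set would drop."""
    return [label for label, proto, port in FLOWS
            if decide(rules, proto, port, default) == "block"]

if __name__ == "__main__":
    print("allow-then-deny blocks:", blocked(ALLOW_THEN_DENY, "allow"))
    print("deny-then-allow blocks:", blocked(DENY_THEN_ALLOW, "block"))
```

The default-deny set drops the unusual-port callback and also the console traffic, which is the breakage described above; a callback on an allowed port such as 443 passes either way, so port rules reduce the risk rather than remove it.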
