Jump to content
RESET Forums (homeservershow.com)
itGeeks

Sophos XG, Good news! MR2 is downloading today.

Recommended Posts

itGeeks

I read about that, and so I changed the scanning from batch to real time. It made no difference.

 

The question is though, why does it only affect streaming on mobile devices? Netflix works fine on the desktop with everything switched on.

 

I checked Windows updates too, and they seem to work fine with webfilter/IPS/Application filters on. I'm sure they never used to.

 

I seemed to be having performance issues with Untangle - nothing I could reliable point to, but web sessions would just hang, or instagram on my iPhone would miss loading some pictures. Was quite odd. Untangle also started reporting rx errors on one of the NICs. I just couldn't be bothered to try and troubleshoot it all, so decided to give Sophos XG another chance!

 

At least I have all the fancy graphs with XG now which I never had before because I had to have everything switched off.

When I was running XG I also tried changing the scan type and it did not fix Netflix on mobile devices, I think the reason we only see the problem on mobile devices and not computers is something to do with the mobile application and how it handles the streaming. I also never had a problem with Windows updates however I did have a problem downloading new 'Insider builds' I had to bypass the computers needing those builds, I also have a problem with my Epson printer software trying to download new firmware for the printer it was a no go unless I bypassed the computer. There where some other problems but can't remember right now. Long story short I switched to Untangle and everything is working perfect. As for your rx errors I have no such trouble, Did you try updating the driver to see if it fixes it? Maybe the NIC is going bad?? I know you say you did not want to bother troubleshooting this but Untangle really seems to be a great NGF in my humble opinion.

Share this post


Link to post
Share on other sites
itGeeks

with regard to stingy permissions for outgoing traffic, much malware is smart enough to masquerade as a commonly needed/allowed protocol thus living within the normal permitted firewall 'holes'.

I would have to agree with you, These writers of viruses/malware are smarter then that and is the reason I don't worry to much about outgoing traffic after all we still have all that nice gateway protection such as Virus Scanner, Malware, Phishing and lets not forget the powerful IPS on the gateway and with all this great protection we should all still have good endpoint protection on our devices. It all comes down to a point of if your going to lock your network down so bad the computer/internet will not be much fun or usable anymore, Its great to be proactive but when do you draw the line? Knock on wood with my multi level protection and the freedom of not locking down my network to the point of no return I have never been infected though I know others hew have because there protection was none existent.

Edited by itGeeks

Share this post


Link to post
Share on other sites
itGeeks

In reference to Malware scanning: When I first installed W10 on my newly built desktop I was getting Blue Screens 3 and 4 times a day. I traced it to Malwarebytes Premium and I when removed it, the BS's stopped. So I don't have it installed on that machine but it works fine on 3 other clients on my LAN.  The one giving the trouble was the only one with a fresh install (as opposed to upgrades from 7 or 8) and is a high end workstation board.

Hmmm interesting. I used Malwarebytes for years and never had any problems like that, I wonder whats going on that is causing the problem? I no longer use Malwarebytes in favor of the new Sophos Home endpoint protection, Its free for up to 10 computer on your registered email address and there is a central management interface, Its been working great for me. If you have not done so check it out.

https://www.sophos.com/en-us/lp/sophos-home.aspx

Share this post


Link to post
Share on other sites
itGeeks

I'm revisiting XG. It seems that now I can turn everything on apart from malware scanning and Netflix will still work on iOS devices. I'm pretty sure that wasn't the case previously.

 

Wonder why the malware scanning breaks it?

 

I'll have a play at adding the iOS devices into a rule above the default with malware scanning off and see how I get on. Problem is it would have to be mac address based, or I'm gonna have to start doing DHCP reservations.

You are correct, Before all scanning needed to be turned off for Netflix to work on mobile devices now after an update the only thing that needs to be set to "none" is the malware scanner. Is for bypassing devices by MAC address it has been reported that it did not work for some so they needed to do a DHCP reservation for those devices, I can not confirm this because by habit everything on my network gets accounted for with a DHCP reservation so that's what I used and in my testing worked great getting Netflix working on mobile devices. Please let us know if doing it by MAC address worked for you.

 

Hope my info helps...

Edited by itGeeks

Share this post


Link to post
Share on other sites
Jason

Still reliably running UTM 9.4 (latest) but may give XG a chance based on pcdoc' assessment.

Share this post


Link to post
Share on other sites
nrf

with regard to 'fun', having tuned sophos utm and learned how to pick out the relevant data from the logs when something goes wrong, I have some "inertia" for staying where I am. Certainly a tool to migrate settings from utm to xg could help overcome that momentum, but it may take more. I am happy to see updates on this thread and I will continue to weigh my options as the landscape changes.

 

thanks to all who are contributing to this thread.

Share this post


Link to post
Share on other sites
Jason

Any updates when the UTM to XG web migration tool will be available?

Share this post


Link to post
Share on other sites
pcdoc

Any updates when the UTM to XG web migration tool will be available

 

According to them, will be around the final release of the V16 which should be in Q3.  This is an area in which they must do very carefully as they have appliances out there.  I am sure they will not rush this one.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now



×
×
  • Create New...