RESET Forums (homeservershow.com)
itGeeks

Sophos XG, Good news! MR2 is downloading today.


itGeeks

Still reliably running UTM 9.4 (latest) but may give XG a chance based on pcdoc' assessment.

Ya, give it a shot. For me it was a love/hate relationship. Just remember 'pcdoc' has access to their support because his company purchased Sophos; we as home users of the free version get no such support. The only other thing I would say is make sure you're willing to bypass the protection for some of your mobile devices if you want to use streaming services on them. Then of course there are gaming consoles that you will need to bypass as well. Let us know how your testing goes.

psykix

I've not noticed any adverse effects with everything on except malware scanning so far. (That doesn't mean that I won't discover issues!)

I have Xbox One consoles, Nvidia Shield TV, iPads, iPhones, Windows PCs and more.

I noticed that DHCP is still a bit odd, with some devices refreshing their leases every 30 mins or so. They never did that with Untangle.

itGeeks

Thanks for the update. I may try Sophos XG again after the new 3QTR update comes down; I am going to wait and see what everyone has to say about it before I try it. That's the beauty of VMs: I still have XG set up on a VM, but it's off right now in favor of Untangle. I am also waiting for my Luma pre-order and will be testing that, and if it works well I may just use that. I can never get bored with life with this as my hobby. :)

Jason

Reviewing my UTM 9.4 config, I've found it easier to bypass the web filter for home automation devices, gaming consoles, AVRs, streaming devices and adults' mobile devices. Otherwise I have found it counterproductive and exhausting to try and browse legitimate websites without having the UTM live logging open to constantly trap and exempt URLs from the filter. Essentially, I suppose I could be running XG now if they had a migration tool in place.

snapper

We should all be in a "Security Paranoid Group". It is a better place to be. If you are going to spin up an XG VM, my article may (or may not) help you. Tomorrow I will be working with the Sophos deployment team to deploy their solution in two locations, which will include site-to-site and endpoint. I am going to try and take copious notes so I can share them with everyone. Remember when using XG to think backwards. It is easy but very different, and you have to unlearn conventional wisdom.

http://thedocsworld.net/sophos-xg-firewall-part-2tightening-security/


Thanks - I had already found your site and it was useful :)

One thing though - for some reason, when you try to print it, some of the pages and images come out black.


With regard to stingy permissions for outgoing traffic, much malware is smart enough to masquerade as a commonly needed/allowed protocol, thus living within the normal permitted firewall 'holes'.

That's the point though; if you don't need/use that protocol, then why allow it out?

e.g. if malware started masquerading as Apple iCloud packets to avoid detection, and you had the application blocked because you don't use it, it wouldn't go anywhere.


Some malware has even started to exfiltrate data through DNS query packets; on my UTM9 setup, I translated all DNS queries so they terminated on the UTM9 DNS to try to prevent this.


It's always going to be a balancing act between security and convenience, and I guess the company that cracks this will do very well indeed!
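Forcing every DNS query to terminate on the UTM's own resolver, as described in the post above, has a second benefit: the resolver now sees every name the LAN asks for, so its log can be checked for the patterns DNS tunnelling leaves behind (long, high-entropy leftmost labels and an unusual number of unique subdomains under one base domain). The following is an added example, not code from the thread or from Sophos; the query log it reads is a constructed Python list, not the UTM's log format, and the base-domain split (last two labels) is a simplification that ignores the public suffix list.

```python
import math
from collections import defaultdict

# Constructed sample of (client_ip, queried_name) pairs; not real traffic.
SAMPLE_QUERIES = [
    ("192.168.1.20", "www.example.com"),
    ("192.168.1.20", "cdn.example.net"),
    ("192.168.1.31", "a9f3k2m1x7q8z4b6.t.exfil-test.example"),
    ("192.168.1.31", "p0o9i8u7y6t5r4e3.t.exfil-test.example"),
    ("192.168.1.31", "w2s3x4d5c6f7v8g9.t.exfil-test.example"),
    ("192.168.1.31", "zq1wx2ec3rv4tb5y.t.exfil-test.example"),
    ("192.168.1.45", "mail.example.org"),
]


def shannon_entropy(s: str) -> float:
    """Shannon entropy of a label in bits per character (0.0 for empty input)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_domain(name: str) -> str:
    """Base domain taken as the last two labels (assumption: no public suffix list)."""
    labels = name.rstrip(".").split(".")
    return ".".join(labels[-2:])


def suspicious_queries(queries, entropy_threshold=3.5, min_label_len=12, fanout_threshold=3):
    """Return {base_domain: [reasons]} for base domains whose queries look like tunnelling.

    Thresholds are assumptions for this example; tune them against your own resolver log.
    """
    per_domain_names = defaultdict(set)   # unique names seen under each base domain
    per_domain_flags = defaultdict(set)   # reasons a base domain was flagged
    for _client, name in queries:
        base = registrable_domain(name)
        leftmost = name.split(".")[0]
        per_domain_names[base].add(name)
        # Encoded payloads tend to be long and close to uniformly distributed.
        if len(leftmost) >= min_label_len and shannon_entropy(leftmost) >= entropy_threshold:
            per_domain_flags[base].add("high-entropy-label")
    for base, names in per_domain_names.items():
        # A tunnel needs a fresh name per chunk, so unique subdomains pile up.
        if len(names) >= fanout_threshold:
            per_domain_flags[base].add("many-unique-subdomains")
    return {base: sorted(flags) for base, flags in per_domain_flags.items()}


if __name__ == "__main__":
    for base, reasons in suspicious_queries(SAMPLE_QUERIES).items():
        print(f"{base}: {', '.join(reasons)}")
```

On the sample data only exfil-test.example is reported, for both reasons; the ordinary www/cdn/mail lookups are not.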
