Re: [uknof] Sophos XGS Firewalls

[Paul Bone]

Thanks David.

Paul Bone
Network Consultant/Engineer
From: David Rickard <david.rick...@bnu.ac.uk>
Sent: 20 March 2023 09:57
To: Martin Hepworth <max...@gmail.com>; Paul Bone 
<paul.b...@probitas-solutions.tech>
Cc: uknof@lists.uknof.org.uk
Subject: RE: [uknof] Sophos XGS Firewalls

Chiming in, we’ve got a few in use, and they’re ‘OK’ but they won’t set the 
world on fire. There’s some slightly odd issues with the routing functionality 
(i.e. they won’t announce IPSEC VPN routes!!!!), but the security side of 
things works well. They still don’t support IPv6 PPPoE which is a bit naff, and 
Sophos seem disinterested in adding it any time soon for some reason. The 
central management platform is good enough, but there’s weird quirks of the 
whole management, like not being able to rename certain objects, and only 
having a name entry (no descriptions). Also beware the EoL practices as they 
can catch you out and suddenly go EoL – an EoL device cannot have a new 
subscription attached to it, and a device with no subscription is pretty much 
useless anyway, so you need to be prepared to replace them.

I’d consider it a teenager in grownup clothing. There’s a lot of maturing in to 
do in the XG platform still.

Regards

David


From: uknof 
<uknof-boun...@lists.uknof.org.uk<mailto:uknof-boun...@lists.uknof.org.uk>> On 
Behalf Of Martin Hepworth
Sent: 14 March 2023 08:53
To: paul.b...@probitas-solutions.tech<mailto:paul.b...@probitas-solutions.tech>
Cc: uknof@lists.uknof.org.uk<mailto:uknof@lists.uknof.org.uk>
Subject: Re: [uknof] Sophos XGS Firewalls

CAUTION: This email originated from outside of the organisation. Do not click 
links, open attachments or respond unless you recognise the sender and know 
that the content is safe.

________________________________
Used in $job-1
They still aren't as feature rich as the old sg series, but the performance of 
dpi etc is great with the 2300 and upwards having the extra silicon to use
They really want to be part of the whole Sophos ecosystem with central mgmt 
across an estate etc and feel odd when used in standalone mode.
So if yr customers already use Sophos xdr it's a really good compliment to 
provide a more holistic solution.. standalone a bit meh



On Mon, 13 Mar 2023, 20:47 Paul Bone, 
<paul.b...@probitas-solutions.tech<mailto:paul.b...@probitas-solutions.tech>> 
wrote:
Just wondering if anyone has any stories to share on the Sophos XGS Firewalls? 
Good or bad.

Some of my customers are looking at implementing them as others in their 
vertical market in the US are already keen users but I’ve not really come 
across them much.

Thanks

Paul